[OpenAFS] Changes for Mosaic's AFS cell...

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 06 Apr 2006 11:56:02 -0400

>2.  I'm curious as to why no one responded to the problem with xlock and 
>xscreensavers relating to PAM, K5 tickets, and tokens.  Is this some kind 
>of state secret, or are we the only ones with the problem?  To summarize 

Honestly, I just used the native kerberos code in xlockmore to solve
this.  However, I'm biased, since I wrote it.  I don't know if xscreensaver
has native Kerberos 5 code, but it doesn't seem like it would be that
hard to write.

>4.  I gather from the responses that we need a "special" AKLOG to remove 
>the need for the 5 to 4 daemon in a pure K5 environment.  I'm unsure what 
>is meant here by "special".  I mean the OpenAFS Windows client ships with 
>AKLOG.  Is it special?  Is the Linux version "special"?  This is cause for 
>concern, and leads me to believe that getting rid of the 5 to 4 service is 
>literally never going to happen, so using pure K5 tickets is just more or 
>less techno-fluff experimentation for now.  The issues seem to be...

If you're using an aklog that is built from sources in OpenAFS, it's all
you need.  This is apparantly not true on some binary distributions on
Linux; you will need to take that up with the people who make the binary
Linux distributions.