[OpenAFS] Re: feasibility of moving lightweight-principals issue "upstream" to kerberos

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 04 Jan 2006 00:43:09 -0500

>Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
>> Be careful; in one sense, krb524d and gssklogd are basically the same
>> program, especially in terms of client transparency.  It's just that
>> the utilities to use one of them are much more widespread.
>Ah yes. I wasn't aware that they shared code, although I do know that
>they operate on essentially the same principle.

I believe they share some code, but I was talking about the same principal;
they both purport to take something that OpenAFS doesn't support and
convert it into something that it does.

>But the "client side" of krb524d is built into the aklog that ships
>with OpenAFS, while the "client side" of gssklog is not.  It's not
>just the widespreadness, it's the fact that you can safely assume that
>anybody who has installed a recent version of OpenAFS is guaranteed to
>have the krb524d client.

Except that the aklog that comes with OpenAFS isn't a krb524d client
by default, and it almost wasn't one at all (I only left that code
in for compatibility with crappy sites that haven't upgraded from
either Transarc AFS or relatively old versions of OpenAFS).