[OpenAFS] kaserver deperecation, OpenAFS future, etc...
Derrick J Brashear
Thu, 19 Oct 2006 09:22:52 -0400 (EDT)
On Thu, 19 Oct 2006, John Hascall wrote:
> We've never used kaserver (we already were using Kerberos
> when we started on AFS), but it seems to me that the one
> really advantage of kaserver over a true KDC is that it
> had real replication instead of a master/slave model.
> So can somebody in the know comment on why "ka5server"
> wasn't the answer (for those who use kaserver)?
Krb5 is heavier and thus not as easy to implement, and the kaserver
database format wouldn't allow multiple key types. I wanted something
ubik-backed badly, and my last job suffered a bit for it. It's not
practical to implement yet another krb5 kdc, unless *maybe* you require
someone else's libraries. At that point, use their KDC, too.