[OpenAFS] kaserver deperecation, OpenAFS future, etc...

Derrick J Brashear shadow@dementia.org
Thu, 19 Oct 2006 09:22:52 -0400 (EDT)

On Thu, 19 Oct 2006, John Hascall wrote:

> We've never used kaserver (we already were using Kerberos
> when we started on AFS), but it seems to me that the one
> really advantage of kaserver over a true KDC is that it
> had real replication instead of a master/slave model.
> So can somebody in the know comment on why "ka5server"
> wasn't the answer (for those who use kaserver)?

Krb5 is heavier and thus not as easy to implement, and the kaserver 
database format wouldn't allow multiple key types. I wanted something 
ubik-backed badly, and my last job suffered a bit for it. It's not 
practical to implement yet another krb5 kdc, unless *maybe* you require 
someone else's libraries. At that point, use their KDC, too.