Something I've never been very clear on as part of the conversion to Kerberos 5: The whole asetkey and afs principal operation. Could anyone explain what is going on there in detail for my (and everyone's) understanding/documentation?