[OpenAFS-port-darwin] How to avoid 524 with the Mac plug-in

[Henry B. Hotz]

AFAIK the aklog plug-in for OSX/Kerberos is strictly a Kerberos 4  
thing.  It relies on the native Kerberos lib's to automatically do the  
524 translation.  In turn that means you have to clutter up a standard  
krb5 configuration with [v4 realms] type stuff.

Since it *only* does Kerb 4 it also means that you can't even get a  
"b2" token.  The 524 is done on the krbtgt, and the afs tgs-req is  
strictly kerb 4.

Granted, not many of us are in a pure Kerb 5 environment yet.  Do I  
need to look at filling this hole for the future?

(I'm talking about the Stanford/Umich plug-in.  The KTH plug-in isn't  
being maintained, but looks like it at least knows Kerb 5 exists.)
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu