Is this too big of a change?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Aug 26 14:15:29 EDT 2002
>The OpenAFS and Arla community is working on support for somewhat more
>native krb5 authentication to AFS. Servers will support the
>encrypted part of a krb5 ticket sent with a special kvno as an AFS
>token. It turns out that if you have a special krb524d this
>improvement allows you to upgrade to doing krb5 AFS without any client
>changes.
I think this is a great change, but one question: it seems like you could
do this _without_ the involvement of krb524d, right? I mean, aklog should
have all of the pieces it needs without involving krb524d.
I know, it's easier to upgrade one server than all of the clients, so the
change still makes sense; I'm just thinking about the "mid-term" solution.
--Ken
More information about the Kerberos
mailing list