AFS and Kerberos 5

Sam Hartman hartmans at MIT.EDU
Tue Jul 22 21:42:40 EDT 2003


>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:

    Russ> Sam Hartman <hartmans at mit.edu> writes:
    >>>>>>> "MattW" == MattW <mbw at u.washington.edu> writes:

    MattW> Can I leave my Kerberos 5 KDC in pure Kerb 5 mode or do I
    MattW> have to run some kind of Kerb 5-to-4 daemon to issue kerb 4
    MattW> tickets to the AFS server - I'd like to be pure kerb 5 if
    MattW> possible.

    >> You could in theory use a special aklog, but you are probably
    >> better off running a krb524d.

    Russ> Out of curiosity, why would you say that?  The native
    Russ> Kerberos v5 support in OpenAFS looks a lot nicer and means
    Russ> that there's no Kerberos v4 exposure at all.

Because when I looked at writing an aklog to do this, I found that I
needed some ASN.1 library routines that are not exported.  So, the
code wouldn't work on Mac or Windows and will break between versions
of Kerberos on Unix.

You might be able to get kvno 256 working; didn't try that.


