AFS and kerberos

Russ Allbery rra at stanford.edu
Sat Jul 28 13:00:02 EDT 2007


Faeandar <mr_castalot at yahoo.com> writes:

> Thanks for the info but I'd like to followup with a question.  What are
> you using both Kerb4 and Kerb5 for on the same host?

Our only remaining K4 services are Zephyr, which we're going to turn off
probably within a few months; an in-house event middleware system that's
in the process of being replaced and which is going away sometime around
November; and our srvtab/keytab distribution system, which I'm writing a
K5-based replacement for.  Some of our older servers still allow K4
authentication for rlogin, rsh, etc., but all of them should now allow
either K4 or K5.

For a long time, we kept K4 around for AFS because we hadn't gotten around
to doing the key synchronization with the AFS kaserver and because we
didn't have the new aklog everywhere, but we're phasing that out quickly
now.  Only our old builds still have a K4-based aklog.

For most hosts, we install the Kerberos v4 configuration only to allow
leland_srvtab to be run to get srvtabs and keytabs, and then it goes
unused after that.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list