Is this too big of a change?

Ken Hornstein kenh at
Mon Aug 26 14:16:01 EDT 2002

>The OpenAFS and Arla community is working on support for somewhat more
>native krb5  authentication to AFS.  Servers will support the
>encrypted part of a krb5 ticket sent with a special kvno as  an AFS
>token.  It turns out that if you have a special krb524d this
>improvement allows you to upgrade to doing krb5 AFS without any client

I think this is a great change, but one question: it seems like you could
do this _without_ the involvement of krb524d, right?  I mean, aklog should
have all of the pieces it needs without involving krb524d.

I know, it's easier to upgrade one server than all of the clients, so the
change still makes sense; I'm just thinking about the "mid-term" solution.


More information about the krbdev mailing list