RX Kerberos 5 security class requirements of Kerberos library

Nicolas Williams Nicolas.Williams at sun.com
Wed Jan 3 16:01:46 EST 2007

On Wed, Jan 03, 2007 at 01:17:11PM -0600, Douglas E. Engert wrote:
> There might be a misconception as to what AFS means by the -localauth
> parameter. It means get a token (i.e. k4 ticket) using the local KeyFile.

Yes.  We're not all AFS gurus here, so be careful with AFS terminology.

> Its not clear if the "OS facilities for local auth" you are referring
> to could handle this across two servers.

At least getpeerucred(3C) on Solaris is intended to eventually support
operation across a network.  For now it does not.


More information about the krbdev mailing list