On Friday, April 14, 2000, 9:44 PM -0400 Ken Hornstein
<[EMAIL PROTECTED]> wrote:
> The two easy solutions are:
>
> - Run KDCs on your database servers
> - Add your KDCs to your CellServDB on the windows machines
>
> I did the latter at first; worked fine (Once the "wrong" DB servers timed
> out, everything was okay).
We did the same, and it works fine. It helps a bit if the KDC(s) are
listed first, since that way they will be queried first when searching for
tickets. As Ken notes, the extra entries won't bother the cache manager
once it figures out they aren't running vlservers.
> Better solutions:
>
> - Find the person who decided to use the Kerberos protocol in the Windows
> client instead of RX and slap them silly (okay, there MAY have been
> a reason, but certainly RX has been ported to Windows, so that couldn't
> be the issue!). This won't solve your problem, but you'll feel better.
Actually, it is my impression that other than the cache manager service
itself, no part of AFS for WinNT actually used Rx at the time the port was
done. Remember that this started out as a hack to prove it could be done,
and only became a product after it was clear there was some interest. The
real answer here is that it should be rewritten.
> - Get Transarc to release an AFS with Kerberos 5 support! I had heard
> rumors this project has died/stalled; anyone got any more information?
I'm afraid that is probably the case. Ben Cox was working on this last
year before he left Transarc. I heard assurances that the work would
continue, but I have seen nothing since then to indicate that it has.
In any event, I'm not sure how Krb5 support will help in this case. As you
know, Win2K uses the Kerberos protocol, but doesn't export a krb5 API to
applications, or AFAIK provide them with any way to read the credentials
cache. So, Krb5 support in Win2K doesn't make it any easier than before to
port Kerberos-aware applications to Windows.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
