I sent this to the Kerberos list last week; others on the AFS list might be interested as well.

Doug

From: Doug Engert <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: Performance of CNS vs. AFS kaserver?
Date: Fri, 5 Jan 1996 16:05:58 -0600

Derrick J. Brashear writes:
> Excerpts from netnews.comp.protocols.kerberos: 5-Jan-96 Re: Performance
> of CNS vs. .. by John Gardiner Myers@CMU.
> > At CMU, we've modified those two programs to know about both
> > string-to-keys and to prefer the MIT one. As a result, we have a
> > kaserver with most of the keys encoded in the MIT string-to-key.
> > Unfortunately, we can't distribute the modified clients because they
> > are encumbered by Transarc ownership.

We at ANL also use the AFS kaserver as the KDC. (Both Derrick and John
were very helpful with the project. Thanks again.)

We have a modified version of the MIT kpasswd which tries both
string_to_keys when asking for the old password, and then uses the
MIT string_to_key with the new password to get the new key. It then
sends this to a modified MIT kadmind which is running on the same
machine as the kaserver. The kadmind issues an AFS kas setkey command
to save it in the AFS database.

Once your password is changed once, you can then use unmodified MIT
kpasswd client as well to change passwords.

The code can be found at ftp://achilles.ctd.anl.gov/pub/kerberos.v4
See the README file there.

> Of course, you could complain to Transarc to incorporate it. I know they
> have the patches:-)

We tried that back in 1993. They never did figure out what we were
talking about then either. (If they did, it would be much easier to
convert from AFS to DCE/DFS now.)

Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: [EMAIL PROTECTED]

------- end -------
