Ken,
> I believe that when people say "AFS Kerberos authenticated POP", they
> are talking about the former, because the latter is actually difficult
> to impossible.
This is just wrong.
> In short:
>
> - AFS Kerberos discards the TGT after authentication has been completed,
> so all you're left with is an AFS service key, and no way to get any
> other service keys.
Use the <foo>.krb functions instead of the <foo> functions. e.g.,
klog.krb. This will give you a ticket file w/ TGT. These programs
are distributed by Transarc.
> - To use the AFS service key for authentication, you'd have to store
> the AFS fileserver key on your POP server, _and_ you'd have to create
> _another_ unspecificed KPOP protocol :-)
Um, Ken, you're confused. You don't use the AFS service key; you
create a new POP service key, which you store in the KAServer. Also,
you use the CURRENT, unspecified KPOP protocol. The MIT Kerberos
Distributions contain both client and server code for KPOP.
-derek
