>Um, Ken, you're confused. You don't use the AFS service key; you
>create a new POP service key, which you store in the KAServer. Also,
>you use the CURRENT, unspecified KPOP protocol. The MIT Kerberos
>Distributions contain both client and server code for KPOP.
But at this point you're using Kerberos 4, not "AFS Kerberos" (the
same goes for the <foo>.krb programs; they get a Kerberos 4 TGT).
I think when people talk about "AFS Kerberos" (especially in this
thread), they're talking about different things; I'm not even sure
what "AFS Kerberos" means exactly myself :-) Is it something with
happens to look a lot like Kerberos 4, but uses RX as a transport
mechanism? Does it include Kerberos 4, since the kaserver will
act as a Kerberos 4 KDC? I think that's where the confusion comes
in.
I know all about setting up POP; I've done that many times :-)
People in the past have asked about using your AFS token for
validation to other services, and that's what I was trying to
explain (and explain why you shouldn't do that :-) ).
--Ken
