On Fri, 17 Mar 2000, Ken Hornstein wrote:

> I'm not sure how a GSS-API aklog would _work_.  You're not
> authenticating _to_ anything ... you're getting a service ticket that
> you're cramming into the kernel (after converting it to V4).  How
> would you use GSS-API in that case?

this is nasty and wrong, but...

perhaps you could just call gss_init_sec_context() once with the krb5
mechanism and "afs" service specified, and convert the krb5 service ticket
returned (as a GSS token) to a krb4 ticket to be poked away somewhere.

the only reason i can see to do this would be to use the underlying,
native win2k krb5 implementation to acquire the initial afs@REALM ticket,
so that you'd only have to port over the 524 conversion routines/service,
not an entire Kerberos distribution.

-d.

---
http://www.monkey.org/~dugsong/
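
An added example, not part of the original message or of any AFS or Kerberos code base: the token that gss_init_sec_context() emits for the krb5 mechanism is a KRB_AP_REQ (which carries the service ticket) wrapped in the framing from RFC 1964 section 1.1, so a converter would first have to validate and strip that framing. The function name gss_krb5_unwrap_ap_req and the helper der_len are hypothetical, and the check is deliberately strict about lengths.

```c
#include <stddef.h>
#include <string.h>

/* DER encoding of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2 (RFC 1964). */
static const unsigned char KRB5_MECH_OID[] = {
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
};

/* Read a DER definite length at buf[*pos]; 0 on success, -1 on malformed input. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }            /* short form */
    size_t cnt = b & 0x7f;                            /* long form: cnt length bytes */
    if (cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return -1;
    size_t v = 0;
    while (cnt--) v = (v << 8) | buf[(*pos)++];
    *out = v;
    return 0;
}

/*
 * Hypothetical helper: locate the KRB_AP_REQ inside a krb5 GSS initial
 * context token. On success returns 0 and points *ap_req into tok.
 * Returns -1 unless the framing is exactly:
 *   0x60 <len> <krb5 mech OID> 0x01 0x00 <AP-REQ bytes>
 */
int gss_krb5_unwrap_ap_req(const unsigned char *tok, size_t n,
                           const unsigned char **ap_req, size_t *ap_req_len)
{
    size_t pos = 0, body;
    if (n < 1 || tok[pos++] != 0x60) return -1;       /* [APPLICATION 0] tag */
    if (der_len(tok, n, &pos, &body) != 0) return -1;
    if (body != n - pos) return -1;                   /* length must cover the rest */
    if (body < sizeof(KRB5_MECH_OID) + 2) return -1;  /* room for OID and TOK_ID */
    if (memcmp(tok + pos, KRB5_MECH_OID, sizeof(KRB5_MECH_OID)) != 0) return -1;
    pos += sizeof(KRB5_MECH_OID);
    if (tok[pos] != 0x01 || tok[pos + 1] != 0x00) return -1;  /* TOK_ID: AP-REQ */
    pos += 2;
    *ap_req = tok + pos;
    *ap_req_len = n - pos;
    return 0;
}
```

Pulling the ticket itself out of the returned AP-REQ still needs an ASN.1 decode of that structure, which this block does not attempt.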