"Richard Basch" <[EMAIL PROTECTED]> writes:
> The kaserver supports Kerberos-style requests, but its primary mode of
> operation with AFS clients is a special-style, using Rx. I suspect that
> klog.krb makes use of the rx connection to the kaservers, rather than
> the MIT-style Kerberos UDP "connection".
Correct, to my knowledge. klog.krb is a version of klog that writes
Kerberos ticket files, *not* a version of klog that talks to MIT
Kerberos servers
> The reason we run our Kerberos servers separately is for several
> reasons:
> o We had an already established set of servers and a large database.
> o We don't want our Kerberos servers providing any other services or
> protocols through which security might be lessened.
The irony of this is that the MIT protocol for obtaining initial
tickets has weaker security than the Transarc one.
People interested in AFS/Kerberos
_.John
