> The kerberos compatibility code in the kaserver won't grant tickets
> that start more than 15 minutes in the past or the future.
There are a lot more incompatibilities bewteen kaserver and MIT
kerberos than just this! For example, if you use MIT Kerberos'
"kinit" program and ask for a non-existant ticket, it will just die,
since the kaserver is so stupid that it will return an error packet
with a NULL error in it, so the kerberos client wont know what error
there is...
Personally, I'd suggest that if anyone wants to do ANYTHING using
Kerberos other than plain AFS authentication, that they use MIT
Kerberos, since the kaserver basically doesn't deal with Kerberos
well. I've tried to use it. I still have a cell that has a kaserver
running, but whenver I try to use it anything real (i.e., other that
to get myself a token) I find problems with it....
So, again, I reiterate my statement: If you plan to use Kerberos
authentication for anything other than AFS tokens, USE MIT KERBEROS!
***DO NOT USE KASERVER*** -- it was cause you more problems then you
will want to deal with. No offense to those transarc people amongst
this list, but kaserver sucks hairy rocks....
I have a bug-list so big that I can't even submit it!!!
-derek
