You CAN have both MIT and Transarc Kerberos servers, though not (I guess) on the same machine. We have a DECathena MIT Kerberos set up which gets an MIT ticket and runs aklog. However, we also have kaserver running on the AFS db servers so that we can still klog independently of DECathena, and allow off campus users from AFS only sites to use klog for authentication. The trick is to ensure that the afs.cell.name ticket has the same key on both systems, as the client-server authentication relies entirely on the server believing that if the ticket the client supplies it with contains a message encrypted in it's own server key, then they must both be trusting the same server. Peter Lister Email: [EMAIL PROTECTED] Computer Centre, Cranfield University Voice: +44 234 754200 ext 2828 Cranfield, Bedfordshire MK43 0AL UK Fax: +44 234 750875 --- Almost (but not quite) entirely unlike tea ---
Re: Transarc to MIT Kerberos Migration
Peter Lister, Cranfield Computer Centre Wed, 22 Sep 93 07:06:51 -0400
- Transarc to MIT Kerberos Migration Chris Cowan
- Re: Transarc to MIT Kerberos ... Joseph_Jackson
- Re: Transarc to MIT Kerberos ... Peter Lister, Cranfield Computer Centre
- Re: Transarc to MIT Kerberos ... Marc Horowitz
