In article <[EMAIL PROTECTED]>,
John Gardiner Myers <[EMAIL PROTECTED]> wrote:
>... It makes no sense running two separate databases
>in one Kerberos realm.
I certainly agree that running one db makes more sense than two. We're
also seriously considering going into production with a kaserver to
Kerberos protocol translator that also accomplishes the same effect by
leaving the existing Kerberos db in place and routing AFS ticket
requests received by a kaserver stub running on the AFS db servers
to/from a specialized AFS TGS running on the KDC machine. I was
skeptical that a translator service could be done easily but it was
prototyped in a few days and seems to work fine from what we can tell
so far.
If others are interested in this approach, we can probably distribute
the code if/when it is finalized.
