I've been successful using the Athena Kerberos library with AFS as the
authentication server. The trouble I have is that the sites who are
trying to built my code don't have the Athena libraries installed, nor
have they fixed klog to always write ticket files. So, I am looking
into the feasability of using only AFS calls to do my Kerberos work. I
only use "krb_mk_req", "krb_get_cred" (to get the session key), and
"krb_rd_req". I am not using the Kerberos library to transport the
ticket across a socket, etc. Pretty basic stuff.
I found the AFS "ka_GetServerToken" which appears to do what I want, but
I fear that it is hard coded to only handle "afs" as the server
principal. It returns error code 11862787 which appears to be
KTC_NOENT. Perhaps a principal somehow must be marked to allow it to be
used as a server?
-todd inglett
