>  The string_to_key function is performed on the client, not the server.
>  The server is irrelevant, except in that v5 servers will give v5
>  clients hints as to which of several possible string_to_key functions
>  they should use.
>  
>  V5 clients generally don't know about the AFS string_to_key, so using
>  the AFS string_to_key with V5 clients is impractical.

I guess what I was wondering was how hard it would be (or if someone
had already done it) to hack the library code to know about something
like KEYTYPE_AFS in addition to KEYTYPE_DES.  For most things, they
would be used equivalently (like for encrypting messages, you'd use
the same routines).  For actually doing string_to_key, you could call
the AFS one instead of the regular DES one.  As people change
passwords, you could have the new passwords be KEYTYPE_DES so that you
could migrate away from the AFS string_to_key.  The problem with this
is that the code seems to be pretty dependent on KEYTYPE_DES (they
check to make sure that the key type is KEYTYPE_DES in some of the
routines), so I don't know how easy it would be to plug in
KEYTYPE_AFS.


-Scott
