Michael,
We are running MIT Kerberos V4 clients using the AFS Kaserver
as the Kerberos KDC. I don't think there is anything new in 3.4, but I
have not read the release notes. We are using 3.3a.
The Kaserver will respond to Kerberos V4 requests on port 750. But there
are two main differences:
o The string_to_key function is used to gerenrate your DES key from
your password. The AFS string_to_key function also uses the cell
name in this process. The MIT string_to_key does not.
The AFS klog command is smart enough to try both of these to see which
one will work!
o The lifetime of a kerberos ticket is a 8bit field, with a 5 minute
count gives about 8 hours. AFS maps this differently to give a 30
day max.
There is a klog.krb command which will save the Kerberos V4 TGT, and
there is also a aklog program from MIT which will get an AFS token
starting from a V4 TGT.
If you are intereseted in any of this, see:
ftp://achilles.ctd.anl.gov/pub/kerberos.v4/...
We are curently working on doing the same thing with DCE and Kerberos V5.
i.e.using the DCE security server as the KDC with the MIT clients. So far
things are working.
We are also working on a version of aklog which when combined with the
krb524d will give you an AFS tokens from the DCE security server.
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: [EMAIL PROTECTED]
