On 06/06/00 11:09:40 -0500 "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
> At one time, Transarc offered a AFS to DFS migration kit. One of the
> features was the translator, which acted lie an AFS server, but accessed
> DFS used the encrypted part of the K5 ticket as the token. So the AFS
> cache manager, should already have some of the K5 code as you would do
> this in the aklog:
> atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
>
> Its just the AFS servers which would need to look at the token
> differently.
Unfortunately, it's not that simple. The DFS migration toolkit required a
number of special tools, including a translation server. The cache manager
knows nothing about krb5; it believes it is talking to a normal AFS server
using normal V4-based rxkad.
Actually making everything use Kerberos V is considerably more complicated,
especially if you want to maintain compatibility, which is very important
to Transarc. Back when this project was still active, I talked with the
developer about the details of how it would work. It's possible, but not
trivial.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
