On Tue, Jun 06, 2000 at 10:27:44PM -0500, Douglas E. Engert wrote:
> True, but the point was to use K5 authentication, and AFS could continue to do
> what ever it wants for its protocol. The point you make are improvments to
> the protocol, which could occur at a later time.
...
> The above are also improvments to the AFS protocol, which don't need
> to be made to get the authenticaiton to use K5. It will still limit
> it to a 56 bit DES key.
I don't know whether I have misunderstood, but you might have a look
at the KTH kerberos 5 server, heimdal. It is able to
(1) Import AFS kerberos databases from a Transarc kaserver, giving
(as I understand it) kerberos 5 authentication using existing
passwords.
(2) Serve standard AFS kaserver requests, so that it can replace a
Transarc kaserver.
This means, if I understand correctly, that your AFS cell could
interoperate with a K5 server without needing changes to the current
Transarc binaries. The heimdal server needs to be compiled with
the options '--enable-kaserver --enable-kaserver-db' and linked
with the KTH kerberos 4 libraries, and you need some special options
in the kdc.conf file.
-- Owen
[EMAIL PROTECTED]
