>I'd like to get to the point where I'd be able to deploy kerberized and
>encrypted telnet, rlogin, IMAP, ssh, VPN access, and so on, but I'm not
>clear on whether AFS's kaserver is sufficient for this.  I get the
>impression that it's not sufficient, due to the fact that the
>ticket-granting-ticket is discarded after the AFS token is acquired...  Is
>this correct?

This isn't a function of the kaserver; it's a function of the client code.
But the big problem is that with the kaserver, you're limited to V4.

>Would I be better off with Kerberos 4 or 5 in the long run?

Kerberos 5, _definitely_.  All of the new protocols you mention (well,
perhaps with the exception of VPNs) have some support for Kerberos 5, and
that's definitely where things are heading.  And if you're new to Kerberos,
you'll find that there's almost no software available out there for V4,
but there's a significant amount of software that now supports V5 in some
form.

>Also, does the Kerberos realm have to match the DNS domain name of the
>machines in the realm?

"no", but you'll save yourself a lot of pain in the long run if you
make them the same.

--Ken
