On Thu, 28 Dec 2000, Michael Pelletier wrote:
> Ahhh, I think get it now. So you can use klog.krb and use the stock
> kaserver included with AFS to support a Kerberos 4-based authentication
> scheme for AFS and other services, is that correct?
Yes. That's how we're currently set up here. We're just starting to
look into replacing kaserver with K5.
> Makes sense, thanks for the info! Also, with respect to implementing a K5
> realm, what sort of considerations should I take into account when
> choosing a machine to serve as the KDC? I know the FAQ 2.2 mentions that
> you can choose a small machine with very little CPU power and a small
> disk, but that usually precludes much in the way of hardware redundancy.
> Does the system of slave servers and failover work well enough that this
> becomes a non-issue?
Since I've only personally managed kaservers I can't answer MIT K4/K5
questions from experience, but from what I've heard the only thing that
doesn't work when the master server is down is password changes. And
of course nobody ever does that until you force them to... Still I
would look to someone with more experience than me to weigh in on this
question. Several of them already responded to your first message.
-Mitch
