> No, because that's not a function of the kaserver. It's a function of the
> klog program. Use klog.krb, MIT Kerberos with kinit+aklog/cklog, or KTH
> Kerberos or Heimdal with kinit+afslog or kauth.
I'd run the Heimdal kdc. It can do a lot of things for you. At KTH,
all big kdcs have been converted from kth-krb(4) kdcs to Heimdal kdcs.
As the Heimdal kdc is backwards compatible and does not force you to
use heimdal clients the kth-krb clients are still widespread. This is
of course the case because they have been around for a long time and
are very well tested.
> | Also, does the Kerberos realm have to match the DNS domain name of the
> | machines in the realm?
> +--->8
You don't need to have matching DNS domain name, kerberos realm or
cell name. That's up to your administrative structure you want to
create. It's good to keep things simple in the beginning. It's one
thing less to think about and to explain to your users.
Harald.
