>The OpenAFS and Arla community is working on support for somewhat more >native krb5 authentication to AFS. Servers will support the >encrypted part of a krb5 ticket sent with a special kvno as an AFS >token. It turns out that if you have a special krb524d this >improvement allows you to upgrade to doing krb5 AFS without any client >changes.
I think this is a great change, but one question: it seems like you could do this _without_ the involvement of krb524d, right? I mean, aklog should have all of the pieces it needs without involving krb524d. I know, it's easier to upgrade one server than all of the clients, so the change still makes sense; I'm just thinking about the "mid-term" solution. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
