On Monday, July 03, 2006 02:12:15 PM -0400 Sean O'Malley <[EMAIL PROTECTED]> wrote:
> If I was going to hack at, say, the pam_krb5afs module, and just wanted to auth, set a pag, grab a ticket and then a token against a krb5 cell and ignore ALL backwards compatibility (mainly for simplicity's sake). I am trying to avoid 524 support, krb IV, and a few other things which just complicate my life when building this. Am I looking at 2b token support or have we progressed to just using kerberos tickets? :)

Either will work, as long as you use the correct magic "kvno" to let the server know what's going on, and as long as the enctypes are DES.
The 2b format was designed so that existing AFS clients and krb524-aware aklog and equivalent could be used without modification, to enable a quick transition. As such, it had to fit in the available space in existing cache managers, and be something that could be substituted for a krb4 ticket in the krb524 response (which is little more than a ticket to begin with). Fileservers have supported full Kerberos V5 tickets for about as long as 2b.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
OpenAFS-devel mailing list
https://lists.openafs.org/mailman/listinfo/openafs-devel
