Marcus Watts wrote: > That's fine and a good idea -- except that's only MIT. There ought to > be something similiar that works with Heimdal (which hasn't got kvno), > and I'd really like to see something that comes with openafs that will > be linked against the same kerberos libraries as the actual run-time > servers will be using. Whatever we do, there are already many > systems with more than one version of kerberos installed, > and this probably won't improve in the near term.
I'm sure that Love has something equivalent in Heimdal. In any case, you can post the suggestion to both the [EMAIL PROTECTED] and the Heimdal list. MIT and Heimdal do talk to each other when it comes to exporting functions and adding commands. > Also I don't think kvno quite fits (at least not as is); kvno doesn't > do initial authentication and works with a regular user tgt & any > service - very useful but not the same thing really. I don't understand why this requires initial authentication. The question is whether or not the contents of a keytab containing an entry for a specific service can be used to decrypt the service ticket that is obtained from the KDC. This can be done without initial authentication. kvno was added to MIT Kerbeors to assist in the debugging of services whose authentication did not work. It is a natural extension to add the keytab verification piece to it. In fact, I'm sure that Sam Hartman is going to wish he thought of it. Jeffrey Altman _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
