Gary Gatling <[email protected]> writes: > Thanks so much.
> We are using AFS with Kerberos 5. In that case, you want to toss out anything that's using the ka_* functions, such as reauth, because they won't work. Those are all specific to the kaserver. kstart should do what you want, I believe, in a Kerberos v5 sort of way, although I forget if reauth was one of the programs that cached the password in memory. If so, I have intentionally not implemented that functionality in kstart (at least yet) since it makes me unhappy from a security perspective, but I probably will eventually. Currently, kstart requires that you create a keytab if you want to do persistant reauthentication. (One of the reasons why I'll probably implement it anyway is that storing the password in memory is probably still more secure than creating a keytab file on disk.) -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
