[4778] in Kerberos
Re: Kerberos on Xyplex terminal server, how to authenticate?
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Fri Mar 10 00:38:28 1995
To: kerberos@MIT.EDU
Date: 10 Mar 1995 04:42:20 GMT
From: gwz@geek.ocsg.com ()
In article <3jkojq$r8e@pad-thai.cam.ov.com>, jik@cam.ov.com (Jonathan I. Kamens) writes:
|> In article <Pine.3.05.9503071857.C7238-a100000@kerby.ocsg.com>, bobg@ocsg.com (Bob Gassen) writes:
|> |> CyberSAFE has extensive V4 compatibility with our 5.2.5 release due out this
|> |> month. For details, please email me and I will be glad to share them with you.
|>
|> OpenVision's Kerberos 5 product has had V4 backward-compatibility since its
|> initial release.
|>
|> Contact me for details.
|>
|> --
|> Jonathan Kamens | OpenVision Technologies, Inc. | jik@cam.ov.com
I'm not sure what Jonathan means by "V4 backward-compatibility"; I think I know
what Bob meant by "extensive V4 compatibility", though, and I suspect that they
are not the same.
CyberSAFE's KDC would honor V4 ticket requests in the first couple of releases;
unfortunately, we broke V4 compatability somewhere along the line ;-(. The new
release (in final test now) includes the folowing compatability features:
kinit can obtain both V5 and V4 TGTs
klist and kdestroy both automatically detect the presence of both V4 and
V5 cred caches and do the right thing. If you have both a V4 and
a V5 cache, klist will list the tickets in both and kdestroy will
eradicate both.
The r-util clients and telnet do both the V4 and V5 protocols,
automatically determining the correct creds to use.
The r-util daemons and telnetd support both V4 and V5 protocols and
understand both srvtab formats (as well as the old V5 format still
used by DCE).
kdb5_convert actually works (even with server principals!).
V4 srvtabs can be generated from the V5 database.
V4 kpasswd requests are honored, and the passwords changed in the V5
database.
The upshot is that we've made it possible to migrate in a sane and orderly
fashion from V4 to V5. After converting their KDC(s), users can convert machines
one at a time to V5 and the converted machines will still be able to interoperate
with unconverted V4 machines in a largely transparent fashion. I believe that
that is what Bob meant by 'V4 compatability'. What did you mean, Jon?
--
~ gwz
Glen Zorn Senior Scientist Voice: 206-883-8721
gwz@cybersafe.com CyberSAFE Corporation FAX: 206-883-6951
Since I was forced to write it by the alien parasite which attached itself to
my brain stem during my recent visit to an isolated area of Northern Arizona,
it could hardly be construed that this message would reflect either the
opinions or the policies of my employer.