[6437] in Kerberos
Re: Performance of CNS vs. AFS kaserver?
daemon@ATHENA.MIT.EDU (Michael Grubb)
Fri Jan 5 12:12:57 1996
To: kerberos@MIT.EDU
Date: 5 Jan 1996 11:37:24 -0500
From: mg@ac.duke.edu (Michael Grubb)
In article <4chngt$17bn@bigblue.oit.unc.edu>,
Trey Harris <harris@email.unc.edu> wrote:
>In article <Ikv1D1G00WBwA11nlN@andrew.cmu.edu>,
>John Gardiner Myers <jgm+@CMU.EDU> wrote:
>>The ".krb" versions are useful for getting MIT/CNS clients to use the
>>Transarc server, not the other way around. To use a MIT/CNS server,
>>you would have to use a MIT/CNS login and other clients. You'd have
>>to modify the clients (or use aklog) to install an AFS token in the
>>kernel.
>Are you sure about this? The .krb commands supplied (klog, pagsh, tokens,
>and login/authenticate plugins) are all authentication clients.
The essential difference between the Transarc login and login.krb is that
login gets the user an AFS token, while login.krb gets the user an AFS token
*and* a K4 ticket.
This is only useful if you have either modified your K4 clients to use the
AFS stringtokey or modified your AFS kaserver to use the MIT stringtokey.
If you want to replace the AFS kaserver entirely with an MIT/CNS K4 KDC,
you will not be able to use the Transarc login.krb, etc., because they use
the wrong stringtokey. You will have to add AFS token functionality to the
standard K4 clients, or use aklog, as John pointed out.
I am told that a K5 KDC can be properly configured to interoperate with
Transarc's AFS in lieu of a kaserver without the need for modifying the
client software.
Why Transarc persists in not shipping an AFS kaserver that can interoperate
with unmodified K4 clients is beyond me.
-- M.
--
Michael Grubb <mg@ac.duke.edu>
Duke University Office of Information Technology
phone +1 919 660 6903 / 417 North Building, Durham NC 27708-0132 USA
"Whom does the Grail serve?"
