[6439] in Kerberos
Re: Performance of CNS vs. AFS kaserver?
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Fri Jan 5 15:36:58 1996
To: kerberos@MIT.EDU
Date: Fri, 5 Jan 1996 14:37:00 -0500
From: John Gardiner Myers <jgm+@CMU.EDU>
mg@ac.duke.edu (Michael Grubb) writes:
> The essential difference between the Transarc login and login.krb is that
> login gets the user an AFS token, while login.krb gets the user an AFS token
> *and* a K4 ticket.
>
> This is only useful if you have either modified your K4 clients to use the
> AFS stringtokey or modified your AFS kaserver to use the MIT stringtokey.
Not true.
The string-to-key only matters to clients which do the initial
authenitcation and to clients which administer the Kerberos database
itself. Once you have an MIT v4 ticket file (say, through login.krb,
klog.krb, whatever) any old generic MIT client can use it.
I'll repeat myself. The AFS kaserver does not know or care about the
string-to-key function. It is the clients that care. The problem is
with the Transarc administrative clients, kpasswd and kas, which only
know the Transarc string-to-key.
At CMU, we've modified those two programs to know about both
string-to-keys and to prefer the MIT one. As a result, we have a
kaserver with most of the keys encoded in the MIT string-to-key.
Unfortunately, we can't distribute the modified clients because they
are encumbered by Transarc ownership.
--
_.John G. Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
