[802] in Kerberos_V5_Development
Kerberos-2 is going to be running an experimental KDC...
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Jul 24 16:11:20 1992
Date: Fri, 24 Jul 92 16:09:25 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: network@Athena.MIT.EDU
Cc: krbdev@Athena.MIT.EDU
Just to let everybody know....
I've done a first level audit of the Kerberos v5 KDC, and I'm reasonably
certain that there is no way that user's keys could be compromised by
it. So, I'm going to be running it on the second Kerberos slave (fmult)
so we run a v5 KDC with production data. The v5 KDC has the version 4
compatibility code turned on, so fmult will continue to handle any v4
requests that are sent to it.
In fact, if you're *really* adventurous, and would like to help test the
V4 compatibility code, you can change your /etc/athena/krb.conf file to
read:
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos.mit.edu admin server
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
You shouldn't notice any differences, except of course that password
changes and srvtab changes will take a day to propagate over to the
slave.
If you notice any problems with fmult, please let me know, paging me if
necessary. Thanks!
- Ted
