[226] in Info-AFS_Redistribution
Re: MIT vs. AFS Kerberos (for POP)
daemon@ATHENA.MIT.EDU (Paul Traina)
Sat Jul 20 16:11:50 1991
From: Paul Traina <pst@stanford.edu>
To: James Ault <ault@rpi.edu>
Cc: info-afs@transarc.com
In-Reply-To: Your message of "Fri, 19 Jul 91 12:02:25 EDT."
Date: Sat, 20 Jul 91 12:40:56 -0700
From: James Ault <ault@rpi.edu>
Subject: MIT vs. AFS Kerberos (for POP)
However, now I am trying to modify MH (specifically POP) to use the
AFS kerberos libraries. I have some code that uses MIT kerberos, but
it seems that I will need to modify that to use the AFS library calls
instead of krb_sendauth and krb_recvauth.
1) Is it possible to link with athena Kerberos libraries and have
those programs talk to AFS kerberos servers?
no
2) If the answer to #1 is No, and I have to modify the code to use AFS
library calls, how should I go about it?
I'm afraid I haven't looked into that. At Stanford, we use MIT kerberos
servers to generate MIT tickets, which we then transform into AFS tokens.
(This is the same setup used at MIT.) However, since I've announced my
resignation, I've been trying to convert things back to a more simple and
sane solution. (The AFS kerberos servers have much better management tools,
they are distributed (i.e. the slave code *works* unlike kprop/kpropd which
was a good idea but the world's biggest and most unreliable kludge (flame)).
What you _might_ consider doing is modifying the MIT kerberos libraries to
read/write AFS tokens at the bottom end and using the Transarc string-to-key
routine rather than the MIT one. Then you could generate arbitrary keys
in your transarc database. You still may have to deal with the fact that
Transarc doesn't have a concept of an instance (or do they? I don't think
so, but I'm not certain anymore.)
