EXACTLY

Plus the krb4 versions had so many bad security flaws, we had no choice. When the bad 
krb4 bug came out last year, we removed any dependencies or backwards-compatible 4 
code and just use 5.

mel

-----Original Message-----
From: Ken Hornstein [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 9:52 AM
To: John Rudd
Cc: [EMAIL PROTECTED]
Subject: Re: Windows 2000 Server as KDC 


>> An easier solution would be to set up a Windows realm for Win2k KDC and a
>> cross-realm trust with a Linux box in a different realm.
>> 
>
>We were doing this (with Solaris, not Linux), but when the bug and fix
>for the cross-realm security hole came out a few months ago, that caused
>it all to break (we need krb4 cross-realm auth because AFS is in the
>picture).  So, we're basically running an older un-patched krb524d in
>order to keep things working ... but that doesn't make me comfortable in
>the long run, so I'm looking for other solutions.

So why haven't you switched to a V5 solution for AFS?  Lots of people
have done this, and it works just fine, even with cross-realm.  This
is assuming you're running a new enough version of OpenAFS, of course.

--Ken
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
