On Tuesday, Jul 22, 2003, at 07:52 US/Pacific, Ken Hornstein wrote:
an easier solution would be to setup a windows realm for Win2k KDC and a cross realm trust with a linux box in a different realm.
We were doing this (with Solaris, not Linux), but when the bug and fix
for the cross-realm security hole came out a few months ago, that caused
it all to break (we need krb4 cross-realm auth because AFS is in the
picture). So, we're basically running an older un-patched krb524d in
order to keep things working ... but that doesn't make me comfortable in
the long run, so I'm looking for other solutions.
So why haven't you switched to a V5 solution for AFS? Lots of people have done this, and it works just fine, even with cross-realm. This is assuming you're running a new enough version of OpenAFS, of course.
We're not running OpenAFS. Still Transarc AFS.
I hadn't heard that there's a pure krb5 solution for AFS, though ... even with OpenAFS.
John
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
