Questions on kerb 4 vice kerb 5

[Magnus Ahltorp]

> If we trash the Transarc kaserver and use a kerberos 5 server instead
> then does that really solve the problem?  Can I use something like
> aklog and get an AFS token that works without ever using any
> vulnerable protocol?

Heimdal afslog is the program I use, and it gets AFS tokens by
converting a krb5 credential to krb4 and inserting that into the
kernel. The rxkad protocol is the weak link here, I think.

> Presuming the last is a yes, can you do the same thing with OpenAFS or
> a real Transarc thingy?

This works with all AFS implementations.

/Magnus