Questions on kerb 4 vice kerb 5

Magnus Ahltorp ahltorp at nada.kth.se
Thu Nov 15 11:07:50 CET 2001


> If we trash the Transarc kaserver and use a kerberos 5 server instead
> then does that really solve the problem?  Can I use something like
> aklog and get an AFS token that works without ever using any
> vulnerable protocol?

Heimdal afslog is the program I use, and it gets AFS tokens by
converting a krb5 credential to krb4 and inserting that into the
kernel. The rxkad protocol is the weak link here, I think.

> Presuming the last is a yes, can you do the same thing with OpenAFS or
> a real Transarc thingy?

This works with all AFS implementations.

/Magnus





More information about the Arla-drinkers mailing list