Everhart, Glenn (FUSA)
From:	levitte@lp.se
Sent:	Monday, April 19, 1999 10:01 AM
To:	Info-VAX@Mvb.Saic.Com
Subject:	Re: Secure + Encrypted Telnet in VMS 7.1
In article <1999Apr18.174425.1@sldb4.slac.stanford.edu> fairfield@sldb4.slac.stanford.edu writes:

   > Eudora supports Kerberos.  NCSA telnet for Mac has had Kerberos
   > support for a long time.

	   When we were looking into this, about  2 - 3 years ago, this was
       not the case...  :-(

Oh...  Curious, I recall running at least NCSA telnet 2-3 years ago.
And I'm pretty sure Eudora had the KPOP option then as well...

Anyway, this part is becoming mere bickering, so let's skip this:

       (This  may  have  changed,  or may not have, I  don't  know...)  And
       finally, the (SLAC) unix people told us  we  absolutely,  positively
       needed  to use AFS/Kerberos in order to access the AFS file systems,

I just asked the local guru's (no, I'm not a AFS guru).  One said that
you don't need Transarc's kaserver, all you need is to give the file,
protection and vldb server the right privileges, through the right krb
ticket and afs token.  The magic is said to be that afs@REALM has the
same DesKey as the servers have in their KeyFile.  This makes sense,
since that should make it possible for the AFS servers to talk to
anything that has that key.

However, it seems that the user management program (kas) is a
combination of kadmin (the kerberos admin program) and pts (the
protection admini program), which makes it more practical.

       that is, both remotely and locally.  It was not that we couldn't use
       _another_ Kerberos implementation in  addition  to AFS, but that AFS
       required Transarc's version and that the unix admins didn't want to,
       and saw no need to, support _another_ Kerberos, i.e., K5.  :-( :-(

I've no idea, BTW, if AFS supports krb5 these days.

Anyway, Ken, this thread has actually been a learning experience for
me too.  I have more knowlege about AFS than I ever wished to know,
but it's also a good thing; now I know why I will never port any AFS
(Yes, people have tried to push me to do that as well) to VMS (there
are details to AFS ACL's that are too different, giving semantic
clashes, that's why).

-- 
             NEWBIE!  read and heed the Guidelines on Posting:
               http://richard.levitte.org/docs/post_hlp.html
--- 
R Levitte, Levitte Programming;  Spannv. 38, I;  S-168 35  Bromma;  SWEDEN
    Tel: +46-8-26 52 47; Cell: +46-708-26 53 44; Fax: +46-708-26 53 88
  PGP key fingerprint = 35 3E 6C 9E 8C 97 85 24  BD 9F D1 9E 8F 75 23 6B
 http://richard.levitte.org/pubkey2.asc for my public key.  levitte@lp.se

          "price, performance, quality.  Choose any two you like"