( kaserver

Info Catalog ( Converting a version 4 database ( Kerberos 4 issues
 7.4 kaserver
 7.4.1 kaserver emulation
 The Heimdal kdc can emulate a kaserver. The kaserver is a Kerberos 4
 server with pre-authentication using Rx as the on-wire protocol. The kdc
 contains a minimalistic Rx implementation.
 There are three parts of the kaserver; KAA (Authentication), KAT (Ticket
 Granting), and KAM (Maintenance). The KAA interface and KAT interface
 both passes over DES encrypted data-blobs (just like the
 Kerberos-protocol) and thus do not need any other protection.  The KAM
 interface uses `rxkad' (Kerberos authentication layer for Rx) for
 security and data protection, and is used for example for changing
 passwords.  This part is not implemented in the kdc.
 Another difference between the ka-protocol and the Kerberos 4 protocol
 is that the pass-phrase is salted with the cellname in the `string to
 key' function in the ka-protocol, while in the Kerberos 4 protocol there
 is no salting of the password at all. To make sure AFS-compatible keys
 are added to each principals when they are created or their password are
 changed, `afs3-salt' should be added to `[kadmin]default_keys'.
 For more about AFS, see the section  AFS.
 7.4.2 Transarc AFS Windows client
 The Transarc Windows client uses Kerberos 4 to obtain tokens, and thus
 does not need a kaserver. The Windows client assumes that the Kerberos
 server is on the same machine as the AFS-database server. If you do not
 like to do that you can add a small program that runs on the database
 servers that forward all kerberos requests to the real kerberos server.
 A program that does this is `krb-forward'
Info Catalog ( Converting a version 4 database ( Kerberos 4 issues
automatically generated byinfo2html