-
Notifications
You must be signed in to change notification settings - Fork 177
Serving Kerberos 4 524 kaserver
Heimdal can be configured to support 524, Kerberos 4 or kaserver.
All these services are turned off by default.
Kerberos 4 is always supported by the KDC, but the Kerberos 4 client support depends on Kerberos 4 support having been included at compile-time, using --with-krb4=dir
.
524 is a service that allows the KDC to convert Kerberos 5 tickets to Kerberos 4 tickets for backward compatibility. See also Using 2b tokens with AFS.
Kerberos 4 is the predecessor to to Kerberos 5. It only supports single DES. You should only enable Kerberos 4 support if you have the need for compatibility with an installed base of Kerberos 4 clients/servers.
Kerberos 4 can be turned on in the configuration file with the following syntax/stanza:
[kdc]
enable-kerberos4 = yes
Kaserver is a Kerberos 4 that is used in AFS. The protocol has some extra features over plain Kerberos 4, but like Kerberos 4, only uses single DES.
You should only enable Kaserver support if you have needs for compatibility with an installed base of AFS machines.
Kaserver can be turned on in the configuration file with the following syntax/stanza:
[kdc]
enable-kaserver = yes