Subject: Re: lib/4204 and libkafs
To: Johan Danielsson <>
From: Bill Studenmund <skippy@macro.Stanford.EDU>
List: current-users
Date: 02/11/1999 11:01:13
[Ahhh, one of my PR's]

On 11 Feb 1999, Johan Danielsson wrote:

> Hmm, out of curiosity: why was libkafs imported into the main sources
> in the first place? Since AFS never was part of the normal
> distribution, a library for dealing with it seems a bit out of place.
> Where is it used?

It's lib k afs, and does kerberos-in-an-afs-environment kinda things.

To understand pr 4204, you need a little history (Johan probably has it
since it's in the pr, but not everyone else might). Kerberos verifies your
password by sending your machine a packet encrypted with a key derived
from your cleartext password. The client takes your typed-in password,
generates an encryption key, and trys to decrypt the packet. If it
succeeds, you typed in the correct password.

When you're running AFS, you use a different string2key algorythm than in
normal kerberos. I don't know why. By linking libkafs before libkrb,
though, you'd automatically get the afs string2key instead of the MIT

At rpesent, though, we've changed the libkrb routines to first try the MIT
string2key, and, if that fails due to bad password, we try the afs
string2key. So you don't need to make the afs-vs-no afs decision at
compile time.

I'm not sure what the remaining part of libkafs does, though.

Take care,