[OpenAFS] AFS cell to krb5 update
T. Matthew Cocker
matt@cs.auckland.ac.nz
Fri, 22 Jun 2001 10:26:45 +1200
Hi
Thanks to Ken and Nathan I now have a test AFS-Krb5 (--with-krb4) cell up
and running with both Linux (RH7.1) and Win2K client (Transarc client with
win2k service pack 2 does not need aklog) getting tokens that work. The
final nail in the aklog coffin was to alter the afskrb5 migration kit configure
script so that it configured the Makefile to use the AFS 3.5 configuration
(not the pre-AFS 3.5 configuration that it was using by default). Then I
needed to alter int32 to afs_int32 in akloc.c, add #include <k5-int.h> to
krb_util.c (I am using RH7.1 Krb5-1.2.2 client and libafskrb rpms which
store the include/libs for the --with-krb5 option in /usr/kerberos. I had
to copy k5-int.h to this include and all the other .h files that it
required from a real krb5 install). I then removed the $(LIBOBJS) entry
from the aklog: line in the Makefile. That was it, I think, but there may
have been some other things I changed but I can't remember any.
Other relevant info:
compiled OpenAFS src vs 2.4.4 kernel (kernel.org)
compiled MIT krb5-1.2.2 (./configure --with-krb4)
compiled afskrb5 migration kit with
    ./configure --with-krb5=/usr/kerberos \
        --with-afs=/usr/src/openafs-1.0.4/dest \
        --with-krb5-obj=/usr/local/src/krb5-1.2.2/src
Then followed the Debian install script logs, which I got out of the Debian
packages but which are now available via a web site (run by Sam Hartman, I think).
Now I only have to get Mac OSX clients getting tokens? On the test cell
the krb5 runs on the same box as AFS so I had to shut down kaserver, which is
only a problem because I really like the Windows client control center
software and this breaks vs krb5 (I think the control center apps break
because they do their own authentication via kaserver and don't use the
tokens).
Do the "uss" programs in /dest/etc work with tokens or do they do
their own authentication like the Windows control center programs?
If so, our production cell will have separate krb5 servers, so can I run a
mixed kaserver/Krb5 cell (probably only a couple of admin kaserver accounts)?
cheers,
Matt