[OpenAFS] OpenAFS Project List

Stephen Joyce stephen@physics.unc.edu
Wed, 14 Mar 2001 09:37:35 -0500 (EST)

On Tue, 13 Mar 2001, Derrick J Brashear wrote:

> Some corrections to this table
> On Tue, 13 Mar 2001, Laura Stentz wrote:
> > |------------------+--------------+---------------+----------------------|
> > | Project          | Status       | Priority      | Contact Points       |
> > | Description      |              |               |                      |
> > |------------------+--------------+---------------+----------------------|
> > | Kerberos v. 5    | In progress  | N/A           | Ken Hornstein, Doug  |
> > |                  |              |               | Englert              |
> This doesn't really refer to a project; There's no "progress" to be made.
> Doug and Ken have made available tools to enable the use of AFS in a
> Kerberos 5 environment, in preference to the use of the kaserver.

While it is true that these tools exist, I would not agree that there's no
progree to be made!  The afs-krb5 migration kit is quite handy (we've
been using it for several years now--thanks Ken and Doug!) it does have
shortcomings.  It isn't for the faint-of-heart to compile or configure, and
the newest revision of kerberos 5 that it will work with is  v1.0.6, which
has significant security problems--fixed in the newest versions.  (We also
have an issue where Windows clients fail miserably when authenticating
against our krb5-bastardized AFS cell, but the lack of discussion of this
issue leads me to believe that this is either a local problem or else very
few sites are actively using the migration kit).

Don't get me wrong, the afs-krb5 migration kit is nice; it just needs a bit
more active maintenance IMHO...

PS.  I'd appreciate hearing what other sites are using the 'kit (especially
if you have Windows clients successfully authenticating against it).

Stephen Joyce
Systems Administrator                                            P A N I C
Physics & Astronomy Department                         Physics & Astronomy
University of North Carolina at Chapel Hill         Network Infrastructure
voice: (919) 962-7214                                        and Computing
fax: (919) 962-0480                               http://www.panic.unc.edu