[OpenAFS] MIT Kerberos V authentication with OpenAFS

Jason Garman jgarman@wedgie.org
Mon, 4 Mar 2002 10:52:59 -0500

On Mon, Mar 04, 2002 at 01:32:00PM +0100, Fabian Aichele wrote:
> Hello!
> I am trying to use MIT's Kerberos V as a replacement for the OpenAFS
> kaserver.
> I've got bot Kerberos and OpenAFS up and running fine (i. e. I can get
> Kerberos tickets, and I can access/modify my afs volumes etc.).
> I've found several guides how to replace kaserver with MIT Kerberos V around
> the net, but each one requires different setup steps. So, before I mess up
> my running setup, I'd be glad to get hints/comments/suggestions.
> I'd proceed as following:
> - Create a Kerberos principal afs@MY.AFS.CELL.NAME with MIT's kadmin
> - Modify the principal's kvno so that is higher than all kvno's of the keys
> that "bos listkeys" shows me.
> - Extract the key for this principal into the krb5 keytab.
> - Use asetkey to add the key to the AFS KeyFile.
> - Stop the kaserver instance, start krb524d, and ready???
There's no need to start kaserver or create an AFS KeyFile through AFS
but yes this is the basic set of events.  You can find what I wrote on the
subject at

feel free to contribute ... this topic is one that is not documented very
well, and frustrating to work with.

Jason Garman / jgarman@wedgie.org