[OpenAFS] When Using Kerberos5 is klog necessary?

John Hascall john@iastate.edu
Tue, 30 Dec 2003 19:54:28 CST



> John Hascall <john@iastate.edu> writes:
> 
> >> But WHY would you want to do something silly like that?
> >> -derek
> >
> > We run fakeka (and kaforwarder):
> >   a) so pure AFS machines/cells can access our cell
> I don't care about them, because they can't authenticate to my cell
> anyways -- the don't have IDs, only cross-real, and klog doesn't support
> that.

Not caring is not a luxury I have.

> >   b) so the Transarc PC AFS clients work
> Except the Transarc PC AFS clients use the krb4 udp protocol, not kas.
> So you don't need fakeka for them -- you just need to handle krb4
> requests.

But it sends them to your afs-db machine(s) not your MIT KDC.
Hence kaforwarder (which I have perverted to forward those to fakeka as well).

John

> > John
> 
> -derek
> 
> >> David Botsch <dwb7@ccmr.cornell.edu> writes:
> >> 
> >> > If you use the fakeka included in the krb5 migration kit, then, you can
> >> > continue to use klog just as you did before. No kinit + aklog necessary.
> >> >
> >> > On Tue, Dec 30, 2003 at 03:03:54PM -0500, Derek Atkins wrote:
> >> >> With krb5 you use a combination of kinit + aklog
> >> >> The only documentation I know if is in the Wiki and email archives.
> >> >> 
> >> >> -derek
> >> >> 
> >> >> Fredrick Paul Eisele <fred@netarx.com> writes:
> >> >> 
> >> >> > Is klog no longer necessary with kerberos 5?
> >> >> > Is kinit used instead?
> >> >> > Is there documentation for using kerberos 5 with AFS?
> >> >> >
> >> >> > Our current cell uses afs 1.2.8 and kerberos 4.
> >> >> >
> >> >> >
> >> >> > _______________________________________________
> >> >> > OpenAFS-info mailing list
> >> >> > OpenAFS-info@openafs.org
> >> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
> >> >> >
> >> >> >
> >> >> 
> >> >> -- 
> >> >>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >> >>        Member, MIT Student Information Processing Board  (SIPB)
> >> >>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >> >>        warlord@MIT.EDU                        PGP key available
> >> >> _______________________________________________
> >> >> OpenAFS-info mailing list
> >> >> OpenAFS-info@openafs.org
> >> >> https://lists.openafs.org/mailman/listinfo/openafs-info
> >> >
> >> > -- 
> >> > ********************************
> >> > David William Botsch
> >> > Consultant/Advisor II
> >> > CCMR Computing Facility
> >> > dwb7@ccmr.cornell.edu
> >> > ********************************
> >> > _______________________________________________
> >> > OpenAFS-info mailing list
> >> > OpenAFS-info@openafs.org
> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
> >> >
> >> >
> >> 
> >> -- 
> >>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >>        Member, MIT Student Information Processing Board  (SIPB)
> >>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >>        warlord@MIT.EDU                        PGP key available
> >> _______________________________________________
> >> OpenAFS-info mailing list
> >> OpenAFS-info@openafs.org
> >> https://lists.openafs.org/mailman/listinfo/openafs-info
> >> 
> >
> >
> >
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>