[OpenAFS] When Using Kerberos5 is klog necessary?
Derek Atkins
warlord@MIT.EDU
Wed, 31 Dec 2003 09:45:58 -0500
you provide a program like MIT does, called "renew", and teach your
users to use that... It runs kinit, aklog, and lots of other stuff
to renew your authentication..
-derek
David Botsch <dwb7@ccmr.cornell.edu> writes:
> And when your tokens expire or get blown away by something (or for some weird
> reason ssh doesn't do the right thing)?
>
> On Tue, Dec 30, 2003 at 08:47:44PM -0500, Derek Atkins wrote:
>> David Botsch <dwb7@ccmr.cornell.edu> writes:
>>
>> > So that you can slowly migrate over to krb5 and not break most stuff that
>> > already works.
>> >
>> > And, you can be transparent to end users in the process.
>> >
>> > 1. Fix anything that doesn't work with fakeka.
>> > 2. turn off kaserver and turn on krb5 w. fake ka. End users won't have to
>> > change the way they do stuff cuz it still works.
>> > 3. Migrate end user tools from krb4 to krb5 and then turn off fakeka when
>> > you're done.
>> >
>> > Finally, ease of use.
>> >
>> > Why would I want to tell end users they have to type in two commands to
>> > get tokens instead of one? Most can barely handle just typing in "klog".
>>
>> One phrase: "integrated login"
>>
>> I don't have to type in any commands.. My login program does it all for me.
>>
>> -derek
>>
>> > On Tue, Dec 30, 2003 at 07:59:55PM -0500, Derek Atkins wrote:
>> >> But WHY would you want to do something silly like that?
>> >>
>> >> -derek
>> >>
>> >> David Botsch <dwb7@ccmr.cornell.edu> writes:
>> >>
>> >> > If you use the fakeka included in the krb5 migration kit, then, you can
>> >> > continue to use klog just as you did before. No kinit + aklog necessary.
>> >> >
>> >> > On Tue, Dec 30, 2003 at 03:03:54PM -0500, Derek Atkins wrote:
>> >> >> With krb5 you use a combination of kinit + aklog
>> >> >> The only documentation I know if is in the Wiki and email archives.
>> >> >>
>> >> >> -derek
>> >> >>
>> >> >> Fredrick Paul Eisele <fred@netarx.com> writes:
>> >> >>
>> >> >> > Is klog no longer necessary with kerberos 5?
>> >> >> > Is kinit used instead?
>> >> >> > Is there documentation for using kerberos 5 with AFS?
>> >> >> >
>> >> >> > Our current cell uses afs 1.2.8 and kerberos 4.
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > OpenAFS-info mailing list
>> >> >> > OpenAFS-info@openafs.org
>> >> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> --
>> >> >> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> >> >> Member, MIT Student Information Processing Board (SIPB)
>> >> >> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
>> >> >> warlord@MIT.EDU PGP key available
>> >> >> _______________________________________________
>> >> >> OpenAFS-info mailing list
>> >> >> OpenAFS-info@openafs.org
>> >> >> https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >
>> >> > --
>> >> > ********************************
>> >> > David William Botsch
>> >> > Consultant/Advisor II
>> >> > CCMR Computing Facility
>> >> > dwb7@ccmr.cornell.edu
>> >> > ********************************
>> >> > _______________________________________________
>> >> > OpenAFS-info mailing list
>> >> > OpenAFS-info@openafs.org
>> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >
>> >> >
>> >>
>> >> --
>> >> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> >> Member, MIT Student Information Processing Board (SIPB)
>> >> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
>> >> warlord@MIT.EDU PGP key available
>> >> _______________________________________________
>> >> OpenAFS-info mailing list
>> >> OpenAFS-info@openafs.org
>> >> https://lists.openafs.org/mailman/listinfo/openafs-info
>> >
>> > --
>> > ********************************
>> > David William Botsch
>> > Consultant/Advisor II
>> > CCMR Computing Facility
>> > dwb7@ccmr.cornell.edu
>> > ********************************
>> >
>> >
>>
>> --
>> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> Member, MIT Student Information Processing Board (SIPB)
>> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
>> warlord@MIT.EDU PGP key available
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>
> --
> ********************************
> David William Botsch
> Consultant/Advisor II
> CCMR Computing Facility
> dwb7@ccmr.cornell.edu
> ********************************
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available