[OpenAFS] Puzzler: lack of access to AFS files
John Hascall
john@iastate.edu
Wed, 12 Dec 2007 14:13:30 CST
> John Hascall wrote:
> > Would it work to modify the KDC such that when it hands out
> > an afs/<cell>@REALM ticket for a TGT with a client name that
> > is in the sconv table (like my sysadmin/asw.iastate.edu@IASTATE.EDU)
> > that it 'K4-izes' that name (to sysadmin/asw in this case) in the
> > returned ticket? (Thus obviating the need to futz with the code
> > on every AFS server.)
> > Or is that just too hideous?
> Sounds like the tail wagging the dog. There are KDCs used with AFS
> that are not modifiable, and don't support any k4. You don't want to
> fiddle with the K5 protocols either. It's time to get AFS 'k5-ized'.
Yes, it would be lovely if AFS was 100% K5. (If it was, all this would
already be working!) But, that's not something *I* can make happen.
I can, however, modify my KDC. And I'm not sure why I would
(a) care about KDCs used with AFS that are not modifiable, or
(b) care about lack of K4 support in the KDC.
John