[OpenAFS-devel] Document for authenticating against MIT K5/krb524d ?

Thu, 10 Jan 2002 16:17:16 -0500 (EST)

On Wed, 9 Jan 2002, Adam Thornton wrote:

> This is a brand new cell and realm: there is no existing data to be
> migrated.  So do I just need an afs@REALM principal on the KDC, and
> ka-forwarder in place on the OpenAFS machines?  There are no preexisting
> keys or kvnos that I have; do I still need to create them with kaserver
> and then migrate them, or can I just create them on the KDC?  Do I just
> skip creating the kaserver with bos and instead create a ka-forwarder?

You need a ka-forwarder only if you are running a fakeka on your KDC, and
only if you need to support AFS clients that will use 'klog'.  Otherwise,
don't bother.