[OpenAFS-devel] Modifing afscreds.exe on W2K to
useLSACallAuthenticationPackage
Douglas E. Engert
deengert@anl.gov
Mon, 16 Jun 2003 16:58:15 -0500
"Neulinger, Nathan" wrote:
>
> Unfortunately, most users who are using k5 on windows are probably using
> it with AD, and with AD you're screwed if you use groups, cause your
> tickets get enormous. That's why my modified krb524d has to decrypt and
> strip off the extra ticket data, then re-encrypt, in order to use
> rxkad2b.
Good point. I saw a MS article the other day where they increased the
maximum size of ticket from 8000 to 12000 bytes. Someone must have
bumped up against this limit!
>
> For non-AD sites, it might work.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger EMail: nneul@umr.edu
> University of Missouri - Rolla Phone: (573) 341-4841
> Computing Services Fax: (573) 341-4216
>
> > -----Original Message-----
> > From: Douglas E. Engert [mailto:deengert@anl.gov]
> > Sent: Monday, June 16, 2003 3:11 PM
> > To: openafs-devel@openafs.org
> > Subject: [OpenAFS-devel] Modifing afscreds.exe on W2K to
> > useLSACallAuthenticationPackage
> >
> >
> >
> > Has anyone looked at modifing the afscreds.exe to use the
> > Microsoft LSACallAuthenticationPackage to get a K5 ticket
> > for afs@realm? It looks like this would be an easy way to
> > get a token, now that OpenAFS can take a K5 ticket as a token.
> >
> > This should easily work when the cellname == realmname.
> >
> >
> >
> >
> >
> > --
> >
> > Douglas E. Engert <DEEngert@anl.gov>
> > Argonne National Laboratory
> > 9700 South Cass Avenue
> > Argonne, Illinois 60439
> > (630) 252-5444
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444