[OpenAFS-devel] Modifing afscreds.exe on W2K to useLSACallAuthenticationPackage

Derek Atkins warlord@MIT.EDU
16 Jun 2003 18:39:59 -0400 

Supposedly there is a way to request tickets without all the PAC
garbage in it.

-derek

"Neulinger, Nathan" <nneul@umr.edu> writes:

> Unfortunately, most users who are using k5 on windows are probably using
> it with AD, and with AD you're screwed if you use groups, cause your
> tickets get enormous. That's why my modified krb524d has to decrypt and
> strip off the extra ticket data, then re-encrypt, in order to use
> rxkad2b. 
> 
> For non-AD sites, it might work. 
> 
> -- Nathan
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@umr.edu
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
> 
> 
> > -----Original Message-----
> > From: Douglas E. Engert [mailto:deengert@anl.gov] 
> > Sent: Monday, June 16, 2003 3:11 PM
> > To: openafs-devel@openafs.org
> > Subject: [OpenAFS-devel] Modifing afscreds.exe on W2K to 
> > useLSACallAuthenticationPackage
> > 
> > 
> > 
> > Has anyone looked at modifing the afscreds.exe to use the 
> > Microsoft LSACallAuthenticationPackage to get a K5 ticket
> > for afs@realm? It looks like this would be an easy way to
> > get a token, now that OpenAFS can take a K5 ticket as a token.
> > 
> > This should easily work when the cellname == realmname.
> > 
> >  
> > 
> > 
> > 
> > -- 
> > 
> >  Douglas E. Engert  <DEEngert@anl.gov>
> >  Argonne National Laboratory
> >  9700 South Cass Avenue
> >  Argonne, Illinois  60439 
> >  (630) 252-5444
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> > 
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available