[OpenAFS-devel] Kerberos V, KeyFile questions
Sean O'Malley
omalleys@msu.edu
Fri, 14 May 2004 19:45:36 -0400 (EDT)
I am attempting to convert our afs test cell to auth off of kerberos V
MIT instead of kaserver.
My question revolves around the KeyFile. It LOOKS like I need the salted
passphrase for the KeyFile in order to do migrate the current users.
Is this correct? and if so, is there a program to crack this password?
I am NOT sure what the encryption is for the KeyFile I will end up using
but it was created like in circa 92 and I am not sure anyone knows it.
The last question is do the newer AFS clients support Kerberos V natively
or is that still on the "todo" list?
I am assuming I have to run krb524 and use the older encryption methods
for the stored hashes (which are incompatible with like Windows.)
We still need IV compatibility until the migration to V is complete which
will take at least a year. I would like to dump kerberos IV support
altogether. I am just wondering about the feasibility of the plan.
Sean