[OpenAFS-devel] Re: Hack Kerberos / AFS

Derrick Brashear shadow@gmail.com
Tue, 29 Sep 2009 05:04:44 -0400


On Tue, Sep 29, 2009 at 5:00 AM, Simon Wilkinson <simon@sxw.org.uk> wrote:
>
> On 29 Sep 2009, at 10:31, Remi Ferrand wrote:
>
>> Hi,
>>
>> I need help to create a little hack on Kerberos / AFS.
>
> You'd be much better off asking this question on the openafs-devel list, to
> which I've directed follow-ups. This is definitely off-topic for krb-devel, and
> is actually not particularly Kerberos dependent at all.
>
>> My final aim is to forge Tokens (Ticket Granting Server for AFS (Andrew
>> File System)) without any passwords from the users (directly with the Master
>> Key).
>
> You don't need to use the Kerberos master key for this - you can forge AFS
> tokens using just the afs/<cell>@<REALM> key that's stored in your servers'
> keyfiles. The daemon that lives behind gssklog already forges AFS tokens -
> that's probably a good location to look for code.

aklog includes such a thing, based on Heimdal kimpersonate.