[OpenAFS] MIT krb5 w/OpenAFS

J. Maynard Gelinas gelinas@lns.mit.edu
Wed, 1 Aug 2001 14:14:25 -0400 (EDT)


  Hello,

  I've looked through the archived message lists, read the MIT Kerberos
and grand.central.org AFS FAQ, read Joe Jackson's page regarding
Kerberos/AFS integration, etc etc etc. But I'm having a very hard time
figuring out what documentation and tools are necessary given that the
documentation assumes a prior version of Kerberos 5.

  Here's where I'm at:

  I've got the client software running properly. I can set the realm to
the MIT athena kerberos servers, authenticate, generate a KRB4 ticket, and
get the MIT aklog to generate an AFS authentication token for my test
client. So I know that works. However, I want to create my own realm and
set up a departmental AFS cell. I have a test kerberos server running
(behind a NAT/Firewall for now), I have the client able to authenticate
against the server, but for the life of me I can't figure out how to
generate a proper key for the afs principle to get client side afs
authentication going.

  Given the changes in MIT Kerberos, could someone list what parts of this
documentation are relevant? Just what do I have to do? Do I still need
ext_srvtab and asetkey? Can someone point me to a set of step by step
instructions?

  BTW: running RH7.x Linux, modern kernel, Kerberos-1.2.2, OpenAFS-1.0.4a.
However, I've found the kernel modules in the RPMS all seem to have symbol
conflicts when loading, so I've built my own. Works against the athena AFS
servers, so I'm assuming it ought to work once I get my cell functioning.

TIA,
--Maynard