[OpenAFS] Basic newbie question...
Derrick J Brashear
shadow@dementia.org
Sat, 24 Feb 2001 10:13:20 -0500
--On Saturday, February 24, 2001 09:00:43 AM -0500 Derek Atkins
<warlord@MIT.EDU> wrote:
> Jon Tegner <Jon.Tegner@wiglaf.se> writes:
>
>> Derek Atkins wrote:
>>
>> > The main benefit of using a real KDC instead of KAServer is that the
>> > KAServer isn't really designed to do well in terms of providing
>> > authentication for non-AFS services. So, if you want to use Kerberos
>> > to authenticate other servers, then I would recommend you really use a
>> > Kerberos KDC instead of KAServer.
>>
>> Where can one find information covering how to do this?
>
> Honestly, I'm not sure if anyone has published a document on how
> to do this. Basically, you:
> 1) Install Kerberos
> 2) Install AFS
> 3) Build (or install) "aklog" and "asetkey", which are the
> tools used to obtain AFS tokens or install an AFS KeyFile
> (for AFS Servers) from Kerberos tickets.
> 4) Continue as normal; use kinit+aklog instead of klog to get
> Kerberos Tickets + AFS Tokens
Ken Hornstein has a document describing how to do it.
Look at
http://www.landfield.com/faqs/kerberos-faq/general/section-45.html
and get the toolkit
(which includes krb5-aware aklog and asetkey)
which will include notes on how to do this