[OpenAFS] OpenAFS Project List
Stephen Joyce
stephen@physics.unc.edu
Wed, 14 Mar 2001 09:37:35 -0500 (EST)
On Tue, 13 Mar 2001, Derrick J Brashear wrote:
> Some corrections to this table
>
> On Tue, 13 Mar 2001, Laura Stentz wrote:
>
> > |------------------+--------------+---------------+----------------------|
> > | Project | Status | Priority | Contact Points |
> > | Description | | | |
> > |------------------+--------------+---------------+----------------------|
> > | Kerberos v. 5 | In progress | N/A | Ken Hornstein, Doug |
> > | | | | Englert |
>
> This doesn't really refer to a project; There's no "progress" to be made.
> Doug and Ken have made available tools to enable the use of AFS in a
> Kerberos 5 environment, in preference to the use of the kaserver.
While it is true that these tools exist, I would not agree that there's no
progree to be made! The afs-krb5 migration kit is quite handy (we've
been using it for several years now--thanks Ken and Doug!) it does have
shortcomings. It isn't for the faint-of-heart to compile or configure, and
the newest revision of kerberos 5 that it will work with is v1.0.6, which
has significant security problems--fixed in the newest versions. (We also
have an issue where Windows clients fail miserably when authenticating
against our krb5-bastardized AFS cell, but the lack of discussion of this
issue leads me to believe that this is either a local problem or else very
few sites are actively using the migration kit).
Don't get me wrong, the afs-krb5 migration kit is nice; it just needs a bit
more active maintenance IMHO...
PS. I'd appreciate hearing what other sites are using the 'kit (especially
if you have Windows clients successfully authenticating against it).
Cheers,
Stephen
--
Stephen Joyce
Systems Administrator P A N I C
Physics & Astronomy Department Physics & Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214 and Computing
fax: (919) 962-0480 http://www.panic.unc.edu