[OpenAFS] OpenAFS Project List

[Jim Barlow]

Our site has been using the migration kit since the beginning of 1998.
We ran into a number of other problems along the way because we decided
to have our realm name different that our cell name (don't ask why, we're
still not sure).  We also have it working with Win boxes using aklog.
If you are interested you can take a look at a brief writeup I once did on
our migration (why we did it and problems we ran into):

   http://www.ncsa.uiuc.edu/General/CC/kerberos/afs_krb5_migration.html


> >(We also
> >have an issue where Windows clients fail miserably when authenticating
> >against our krb5-bastardized AFS cell, but the lack of discussion of this
> >issue leads me to believe that this is either a local problem or else very
> >few sites are actively using the migration kit).
> 
> Are you using the native tools for authentication?  The problem (which
> actually has been discussed many times here) is that the Windows client
> doesn't use the rxkad-based authentication protocol, but does Kerberos V4
> to the database servers (as far as we can tell, no one really knows _why_
> this is, but there you have it).
> 
> You can do one of the following things:
> 
> - Use a windows aklog
> - Add your V5 KDCs to your list of database servers on your windows clients.

-- 
James J. Barlow   <jbarlow@ncsa.uiuc.edu>
Senior System Engineer
National Center for Supercomputing Applications    Voice : (217)244-6403
605 East Springfield Avenue   Champaign, IL 61820   Cell : (217)840-0601
http://www.ncsa.uiuc.edu/People/jbarlow              Fax : (217)244-1987