[OpenAFS] libkrb524 for Heimdal?
Miroslav Ruda
ruda@ics.muni.cz
Tue, 15 May 2001 16:50:57 +0200 (CEST)
Derrick J Brashear wrote:
> Why? Heimdal includes:
> -support for copying a real kaserver database to heimdal (use hprop and
> hpropd assuming you configure --enable-kaserver-db)
> -a krb5 aklog equivalent (afslog. actually it's not quite the same but
> it's close)
> -support for a kaserver for authentication built into the KDC
Has anyone experiences with HeimdalxMIT compatibility in aklog/afslog?
When I did last tests, Heimdal and MIT ways for getting tokens were absolutely
incompatible. Currently there is some krb524 support in Heimdal which
hopefully can be used for getting tokens using MIT aklog agains Heimdal KDC.
But what about inverse situation? Do you know how to get token (using Heimdal
binaries) from MIT KDC? Or how to support with afslog situation where servers
for some AFS realm are serverd by Heimdal and servers for other AFS realm are
serverd by MIT KDC?
I can use some "wrapper shell script" to call aklog/afslog for appropriate AFS
cells, but in Heimdal there is obtaining tokens compiled directly to servers
like telnetd/rshd/sshd without calling any external binaries. It's fine
solution in pure Heimdal environment, but in situation when I have several AFS
realms servered both by Heimdal and MIT it's unpractical.
Mirek Ruda