[OpenAFS] Kerberos with AFS

Derrick J Brashear shadow@dementia.org
Tue, 22 May 2001 10:43:07 -0400

>> > 7. What special configuration, maybe patches does kerberos need for AFS
>> > integration? (key types...)
>> Patches: with modern MIT or Heimdal, none. The rest depends if you're
>> converting from an old kaserver database or starting a new cell. If
>> you're starting a new cell, merely supporting v4-salted keys is
>> sufficient; If you're converting an old database you'll need to
>> configure to use afs3 salted keys with an appropriate cell name.
> See the post of me and Forrest Whitcher about the key problematic.
> Mention that the krb principal "host/name.of.machine.domain" get
> translated to the afs principal "rcmd.name".

That would be "the krb5 principal "host/name.of.machine.domain" gets
translated to the krb4 principal "rcmd.name".

As you mentioned, AFS happens to be a krb4 service, and these are merely 
kerberos 5 and 4 conventions respectively.