[OpenAFS] Mit Krb5 and OpenAFS
Charles Clancy
security@xauth.net
Tue, 15 Jan 2002 15:32:16 -0600 (CST)
> I have read a bunch of the mailling list and i am confused now. I have
> a working Kerb V5 realm that i have tested and now know works. From
> prior documentation i have to use the Migration Kit with aklog to
> integrate with OpenAFS. But a recent thread has led me to believe
> (subject: kaserver date: early jan 2002) that this may not be true
> anymore. What is the status of openafs and krb5?
>
> What then are the steps to bringing up AFS do you just follow the quickstart
> guide minus telling the bos server to create the kaserver?
If you have a working realm, and just want to add AFS, it's not that
difficult. You won't need to use the "migration" part of the kit --
moving entries from the kaserver to Kerberos.
First, setup your AFS cell, but don't do the kaserver part. Then,
download the migration kit. It has documentation that explains everything
pretty clearly. You'll need to setup the key between AFS and Kerberos
(with asetkey), compile aklog, and you should be ready to go. Of course,
you'll need to create ptserver entries for all your kerberos principles.
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy