[OpenAFS] Questions about AFS security

[Charles Clancy]

> > Also, I am still a tad confused on the Windows story.  I thought that
> > the current OpenAFS Windows distribution installs a v4 klog, and hooks
> > it in to the Windows logon process.  Is this not the case?
>
> ... In Kerberos 5 environment, I believe users use "aklog.exe", which
> is not a part of the AFS Windows client distribution. Charles Clancy
> or someone else on the list must know where to get this program.

Option 1: You can certainly build it yourself, from the migration kit.

Option 2: ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/
Download the README, and cd into the specified directory.  Download
krb5-win32.exe.  This self-extracting zip file contains all the required
files, including a krb5 client, kerberized telnet and ftp, and aklog.

When combined with the "don't authenticate" (something like that) flags
for the win95/98/me client, or the unmodified winnt/2k/xp client,
everything works quite nicely.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy