[OpenAFS] MIT Kerberos V authentication with OpenAFS
Fabian Aichele
faichele@primusnetz.de
Mon, 4 Mar 2002 13:32:00 +0100
Hello!
I am trying to use MIT's Kerberos V as a replacement for the OpenAFS
kaserver.
I've got bot Kerberos and OpenAFS up and running fine (i. e. I can get
Kerberos tickets, and I can access/modify my afs volumes etc.).
I've found several guides how to replace kaserver with MIT Kerberos V around
the net, but each one requires different setup steps. So, before I mess up
my running setup, I'd be glad to get hints/comments/suggestions.
I'd proceed as following:
- Create a Kerberos principal afs@MY.AFS.CELL.NAME with MIT's kadmin
- Modify the principal's kvno so that is higher than all kvno's of the keys
that "bos listkeys" shows me.
- Extract the key for this principal into the krb5 keytab.
- Use asetkey to add the key to the AFS KeyFile.
- Stop the kaserver instance, start krb524d, and ready???
Do I miss something? Will I do something wrong with these steps? Or is this
list the wrong place to ask?
Regards,
Fabian Aichele