[OpenAFS] MIT Kerberos V authentication with OpenAFS
Jason Garman
jgarman@wedgie.org
Mon, 4 Mar 2002 10:52:59 -0500
On Mon, Mar 04, 2002 at 01:32:00PM +0100, Fabian Aichele wrote:
> Hello!
>
> I am trying to use MIT's Kerberos V as a replacement for the OpenAFS
> kaserver.
> I've got bot Kerberos and OpenAFS up and running fine (i. e. I can get
> Kerberos tickets, and I can access/modify my afs volumes etc.).
> I've found several guides how to replace kaserver with MIT Kerberos V around
> the net, but each one requires different setup steps. So, before I mess up
> my running setup, I'd be glad to get hints/comments/suggestions.
> I'd proceed as following:
> - Create a Kerberos principal afs@MY.AFS.CELL.NAME with MIT's kadmin
> - Modify the principal's kvno so that is higher than all kvno's of the keys
> that "bos listkeys" shows me.
> - Extract the key for this principal into the krb5 keytab.
> - Use asetkey to add the key to the AFS KeyFile.
> - Stop the kaserver instance, start krb524d, and ready???
>
There's no need to start kaserver or create an AFS KeyFile through AFS
but yes this is the basic set of events. You can find what I wrote on the
subject at
http://grand.central.org/twiki/bin/view/AFSLore/?topic=KerberosAFSInstall
feel free to contribute ... this topic is one that is not documented very
well, and frustrating to work with.
enjoy
--
Jason Garman / jgarman@wedgie.org