[OpenAFS] Authenticating against krb5-only KDC (active directory)

Neulinger, Nathan nneul@umr.edu
Thu, 7 Mar 2002 08:49:47 -0600


You still need krb524d. That's what aklog talks to to convert tickets to
afs tokens.

ADS =3D> Krb5-tickets-in-LSA-cache =3D=3Dms2mit=3D> =
krb5-tickets-in-ccache
=3D=3Daklog talking to krb524d=3D> afs tokens

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Jacob Gorm Hansen [mailto:jg@ioi.dk]=20
> Sent: Thursday, March 07, 2002 8:33 AM
> To: Neulinger, Nathan
> Cc: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Authenticating against krb5-only KDC=20
> (active directory)
>=20
>=20
> On Thu, Mar 07, 2002 at 06:47:18AM -0600, Nathan Neulinger wrote:
> >=20
> > You run ms2mit. That copies the des-cbc-crc ticket from lsa stash to
> > ccache. Sometime someone should make a LSA-direct version=20
> of aklog, or
> > integrate ms2mit into aklog, but I doubt that will happen=20
> any time soon.=20
> >=20
> > If you put ms2mit, and aklog in your startup items, that should take
> > care of everything for you on windows. (Might need to rename to make
> > sure ms2mit runs first or use a script of some sort).
>=20
> Cool. I'm trying to compile it right now, not there yet.
>=20
> Does it mean I don't need krb524d???
>=20
> Best,
> Jacob
>=20