[OpenAFS] OpenAFS with MIT Kerberos >= 1.2.6
Derek Atkins
warlord@MIT.EDU
09 Oct 2002 09:59:27 -0400
Friedrich Delgado Friedrichs <6delgado@informatik.uni-hamburg.de> writes:
> After diving into the Documentation (if all else fails, read the docs :)
> i disabled the "new style" of afs tokens in the [appdefaults] section
> of the krb5.conf file on all hosts as follows:
The krb5 team specifically discussed this.. :)
> Apparently, Kerberos 1.2.6 is not only able to return the encrypted part
> of a Kerberos 5 Ticket as a Token to an "afs/*@*" principal but does so
> by default. The user has to disable it manually, if the AFS Server is
> unable to use the Token, which seems to be the case with my OpenAFS
> installation (1.2.7, compiled from unpatched sources, linked against
> MIT Kerberos 5 1.2.5) or my Kerberos Migration Kit (Version 1.3).
This is correct. The krb5 work was finished before the AFS work...
> Question: Is it/will it be possible to use this feature, rather then
> disable it, with some Release of OpenAFS? Which one? How? I seem to
> be unable to find any docs about this, other than the short notice
> in the MIT Kerberos 5 source tree.
This work is underway in the AFS tree. Some support for this, I
believe, is on the main CVS head, but it is not ready for prime-time
(I don't even know if it works, yet).
> It would be nice to get rid of Kerberos 4 and single DES in the long
> run.
Agreed.
> Kind regards
> Friedel
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available