[OpenAFS] Kerberos and AFS

Klaas Hagemann kerberos@northsailor.de
Tue, 22 Oct 2002 17:12:14 +0200 

Hi,

concerning the problem with the krb5-1.2.6 i got very usefull hints from the
kerberos mailing list:

- you have to modify the krb5.conf on the kerberos server (look at
/src/krb524d/README in the krb5-1.2.6 source code package).
- there is a bug in the kerberos package in krb524d that does not set the
kvno on the returned V4 ticket.
   Here is the patch for /src/krb524/krb524d.c (thanks to cesar garcia) :

$ diff -c krb524d.c.orig krb524d.c
*** krb524d.c.orig      Thu Oct 17 13:37:30 2002
--- krb524d.c   Thu Oct 17 13:39:55 2002
***************
*** 412,418 ****
              memset (key, 0, sizeof (*key));
              return ret;
          }
!
          krb5_kt_free_entry(context, &entry);
          return 0;
       } else if (use_master) {
--- 412,419 ----
              memset (key, 0, sizeof (*key));
              return ret;
          }
!           if(kvnop)
!             *kvnop = entry.vno;
          krb5_kt_free_entry(context, &entry);
          return 0;
       } else if (use_master) {

Klaas

PS: Hello Andreas...


----- Original Message -----

From: "Andreas Buhr" <andreas.buhr@epost.de>
To: <papitas@hotmail.com>
Cc: <openafs-info@openafs.org>
Sent: Monday, October 21, 2002 8:42 PM
Subject: Re: [OpenAFS] Kerberos and AFS


> >>I will be running 1 Solaris 9 AFS server with 2 SuSe 8.1 KDC's, how do I
> >>go about using the K5 authentication with AFS seamlessly?
> >
> >
> > You need the krb5 migration kit (which is included in the Red Hat
> > RPMS) so you can build 'asetkey' and 'aklog.  You generate an
> > afs/<cell>@REALM key in your KDC, making sure you use '-e
> > des-cbc-crc:v4' and extract that into an afs keytab.  Then you use
> > asetkey to add the keytab key into an AFS KeyFile.
> >
>
> Be aware that in the current release of Kerberos (1.2.6) krb524 (which
> converts the krb5-tickets to the kerberos 4 format, which is used by
> AFS) provides by default a keytype, which is IMHO not supportet by the
> current release of AFS. You can change this behavior in the config-files.
>
> Greetz
>
> Andreas
>
> btw:
> Hello to the list, I'm new here :-)
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info