[OpenAFS] kaserver vs. Kerberos IV

Derek Atkins warlord@MIT.EDU
26 Oct 2002 18:40:59 -0400


please cc: openafs-info on your resonses...

"Aaron J. Angel" <aangel@myrealbox.com> writes:

> >>What is involed with migrating the database?  I don't really have that
> >>much to migrate, so I could start over fairly easily.  I suppose I'll be
> >>using Heimdal, if I opt for KRB5.
> > If you opt for Heimdal then you should be able to just migrate the
> > database wholesale (ISTR Heimdal as a KADB importer).
> 
> Say who?

ISTR == I Seem To Recall
KADB == KA DataBase

> >>Is there anything required as far as OpenAFS goes to make it use the KDC
> >>short of stopping kaserver?  And do I need any additional principals?
> > Just make sure your keys match, then you can use kinit/aklog (or
> > afslog).
> 
> Is krb5 backwards compatable?  I suppose I could just modify pam_krb5
> with some afs changes...I use pam_kerberosIV+afs now, which is why I
> was originally planning on KRB4.

v4 and v5 are different protocols.  But you don't want to use v4.
What other v4 apps do you use?  If AFS is your only kerberized app,
then you are MUCH better off using v5 (which is 2002 technology)
than v4 (which in 1988 technology).

> Another question; how would one create a principal with a specific
> instance using kaserver?

I dont know.  It's easy in v5 ;)

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available