[OpenAFS] Definitive Krb5 documentation desired
Derrick J Brashear
shadow@dementia.org
Fri, 18 Apr 2003 12:50:06 -0400 (EDT)
On Fri, 18 Apr 2003, John Tang Boyland wrote:
> We're still using kaserver (without cross-realm authentication)
> rather than shift to kerberos 5 since the migration
> looks very complex and confusing. The Wiki information looks
> out of date in places. (And apparently heimdahl is no longer
> recommended?)
By whom? I recommend heimdal, but there's never been an official
recommendation of either, that I know of.
> The amount of information in krb5.conf and in PAM and
> the babel of different afs+krb5 pam modules makes me reluctant to try a
> switchover until summer when long outages may be more acceptable.
you can switch to a heimdal kdc and ignore all your clients except
kpasswd, since otherwise they all just keep working. that includes
whatever login solution you have now. no pam.
> The 1.2.8 release says it supports V5 natively and I'm not sure how
> that affects/outdates the documentation. Will 1.2.9 do even more?
no.
> Is there any chance that OpenAFS + Kerb5 integration will get cleaned
> up, standardized and documented soon ?
if you mean "document setting up a krb5 realm" that's not really our
forte. if you mean something else, what do you mean?