[OpenAFS] Definitive Krb5 documentation desired

Derrick J Brashear shadow@dementia.org
Fri, 18 Apr 2003 12:50:06 -0400 (EDT)


On Fri, 18 Apr 2003, John Tang Boyland wrote:

> We're still using kaserver (without cross-realm authentication)
> rather than shift to kerberos 5 since the migration
> looks very complex and confusing.  The Wiki information looks
> out of date in places.  (And apparently heimdahl is no longer
> recommended?)

By whom? I recommend heimdal, but there's never been an official
recommendation of either, that I know of.

>  The amount of information in krb5.conf and in PAM and
> the babel of different afs+krb5 pam modules makes me reluctant to try a
> switchover until summer when long outages may be more acceptable.

you can switch to a heimdal kdc and ignore all your clients except
kpasswd, since otherwise they all just keep working. that includes
whatever login solution you have now. no pam.

> The 1.2.8 release says it supports V5 natively and I'm not sure how
> that affects/outdates the documentation.  Will 1.2.9 do even more?

no.

> Is there any chance that OpenAFS + Kerb5 integration will get cleaned
> up, standardized and documented soon ?

if you mean "document setting up a krb5 realm" that's not really our
forte. if you mean something else, what do you mean?