[OpenAFS] 1.2.10 without krb524
Derrick J Brashear
shadow@dementia.org
Mon, 25 Aug 2003 10:51:04 -0400 (EDT)
On Mon, 25 Aug 2003, Chris McClimans wrote:
> I have two REALMS:
> TTU.EDU
> CS.TTU.EDU
>
> I have a keytab for afs/cs.ttu.edu in both REALMS and have added it to
> the KeyFile on all my afs servers.
> Since I would have to keep this up to date on all clients, I'd prefer
> to get rid of krb524. Anyone have pointers to how to accomplish this on
> the unix side? I saw a couple posts about it working on the windows
> side.
Google for:
openafs krb524d "bad idea"
Or
https://lists.openafs.org/pipermail/openafs-info/2003-June/thread.html#9439
It's a matter of writing some code for aklog. I'm of the opinion that it's
not the best of ideas, no I never cleaned up the code I wrote, and
discarded it some time later. Literally, pull the encrypted part out of
the krb5 ticket, and use ktc_SetToken to stuff it into the kernel.