[OpenAFS] When Using Kerberos5 is klog necessary?

Derek Atkins warlord@MIT.EDU
Wed, 31 Dec 2003 09:45:58 -0500 

you provide a program like MIT does, called "renew", and teach your
users to use that...  It runs kinit, aklog, and lots of other stuff
to renew your authentication..

-derek

David Botsch <dwb7@ccmr.cornell.edu> writes:

> And when your tokens expire or get blown away by something (or for some weird
> reason ssh doesn't do the right thing)?
>
> On Tue, Dec 30, 2003 at 08:47:44PM -0500, Derek Atkins wrote:
>> David Botsch <dwb7@ccmr.cornell.edu> writes:
>> 
>> > So that you can slowly migrate over to krb5 and not break most stuff that
>> > already works.
>> >
>> > And, you can be transparent to end users in the process.
>> >
>> > 1. Fix anything that doesn't work with fakeka.
>> > 2. turn off kaserver and turn on krb5 w. fake ka. End users won't have to
>> > change the way they do stuff cuz it still works.
>> > 3. Migrate end user tools from krb4 to krb5 and then turn off fakeka when
>> > you're done.
>> >
>> > Finally, ease of use.
>> >
>> > Why would I want to tell end users they have to type in two commands to
>> > get tokens instead of one? Most can barely handle just typing in "klog".
>> 
>> One phrase:  "integrated login"
>> 
>> I don't have to type in any commands..  My login program does it all for me.
>> 
>> -derek
>> 
>> > On Tue, Dec 30, 2003 at 07:59:55PM -0500, Derek Atkins wrote:
>> >> But WHY would you want to do something silly like that?
>> >> 
>> >> -derek
>> >> 
>> >> David Botsch <dwb7@ccmr.cornell.edu> writes:
>> >> 
>> >> > If you use the fakeka included in the krb5 migration kit, then, you can
>> >> > continue to use klog just as you did before. No kinit + aklog necessary.
>> >> >
>> >> > On Tue, Dec 30, 2003 at 03:03:54PM -0500, Derek Atkins wrote:
>> >> >> With krb5 you use a combination of kinit + aklog
>> >> >> The only documentation I know if is in the Wiki and email archives.
>> >> >> 
>> >> >> -derek
>> >> >> 
>> >> >> Fredrick Paul Eisele <fred@netarx.com> writes:
>> >> >> 
>> >> >> > Is klog no longer necessary with kerberos 5?
>> >> >> > Is kinit used instead?
>> >> >> > Is there documentation for using kerberos 5 with AFS?
>> >> >> >
>> >> >> > Our current cell uses afs 1.2.8 and kerberos 4.
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > OpenAFS-info mailing list
>> >> >> > OpenAFS-info@openafs.org
>> >> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >> >
>> >> >> >
>> >> >> 
>> >> >> -- 
>> >> >>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> >> >>        Member, MIT Student Information Processing Board  (SIPB)
>> >> >>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>> >> >>        warlord@MIT.EDU                        PGP key available
>> >> >> _______________________________________________
>> >> >> OpenAFS-info mailing list
>> >> >> OpenAFS-info@openafs.org
>> >> >> https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >
>> >> > -- 
>> >> > ********************************
>> >> > David William Botsch
>> >> > Consultant/Advisor II
>> >> > CCMR Computing Facility
>> >> > dwb7@ccmr.cornell.edu
>> >> > ********************************
>> >> > _______________________________________________
>> >> > OpenAFS-info mailing list
>> >> > OpenAFS-info@openafs.org
>> >> > https://lists.openafs.org/mailman/listinfo/openafs-info
>> >> >
>> >> >
>> >> 
>> >> -- 
>> >>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>> >>        Member, MIT Student Information Processing Board  (SIPB)
>> >>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>> >>        warlord@MIT.EDU                        PGP key available
>> >> _______________________________________________
>> >> OpenAFS-info mailing list
>> >> OpenAFS-info@openafs.org
>> >> https://lists.openafs.org/mailman/listinfo/openafs-info
>> >
>> > -- 
>> > ********************************
>> > David William Botsch
>> > Consultant/Advisor II
>> > CCMR Computing Facility
>> > dwb7@ccmr.cornell.edu
>> > ********************************
>> >
>> >
>> 
>> -- 
>>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>>        Member, MIT Student Information Processing Board  (SIPB)
>>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>>        warlord@MIT.EDU                        PGP key available
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>
> -- 
> ********************************
> David William Botsch
> Consultant/Advisor II
> CCMR Computing Facility
> dwb7@ccmr.cornell.edu
> ********************************
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available