[OpenAFS] some simple openafs questions
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 28 Jul 2003 12:08:21 -0400
On Monday, July 28, 2003 09:27:04 +0200 Christian Ospelkaus
<christian@core-coutainville.org> wrote:
> So with an MIT KDC, you can set up krb524d to do talk to V4 clients? From
> previous discussions, my impression was that its purpose is merely to do
> some magic to a K5 ticket, so that an AFS token can be created...
You don't need krb524d to answer V4 requests - the KDC does that itself.
What krb524d does is transform V5 tickets into V4 tickets. So, if you have
a V5 TGT and want to talk to a V4-only service, you can get a V5 ticket for
that service, send it to krb524d, and it will send you back the
corresponding V4 ticket. This is what MIT's 'krb524init' and Heimdal's
'kinit -9' do to turn a V5 TGT into a V4 tgt. It's also what krb5-aware
aklog's do to get a V4 AFS ticket, which they can then turn into a token.
> Anyway, your posting is very helpful. Can you put it on the wiki (without
> the typo :-) ) or could I do that? Best regards,
Go ahead...