[OpenAFS] Kerberos 5, AFS, and no krb524d

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 05 Jun 2003 14:42:44 -0400


>	I have been struggling with setting up OpenAFS under our existing MIT
>Kerberos V setup here at Penn. The KDC here does not support v4 tickets,
>so there is no krb524 running. Is there an aklog that does not need to
>talk to a krb524d, or is there another way to set up AFS without the
>'524' translator?

In theory, if you're running a new enough OpenAFS (1.2.9 or greater),
you could modify aklog to simply store the V5 Kerberos ticket and
single-DES session key in the credential cache, instead of going through
the 524 translator.  That falls under the "advanced topics" heading, and
if you're having trouble getting krb524d running then it may not be
for you.

One thing occurs to me ... you said you tried to get krb524d working with
a keytab.  You _do_ know that once you extract the key into the keytab,
you need to then store that new key on the AFS fileservers, right?

--Ken