[OpenAFS] Kerberos 5, AFS, and no krb524d

Neulinger, Nathan nneul@umr.edu
Thu, 5 Jun 2003 13:52:00 -0500


Alternatively, use the patch I used based on one that Doug Engert wrote
that lets you use a keytab and the keyfile separately without having to
worry about getting the right keys copied around to the right places.



------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Ken Hornstein [mailto:kenh@cmf.nrl.navy.mil]
> Sent: Thursday, June 05, 2003 1:43 PM
> To: Nicholas Henke
> Cc: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Kerberos 5, AFS, and no krb524d
>
>
> >	I have been struggling with setting up openAFS under our existing MIT
> >Kerberos V setup here at Penn. The KDC here does not support v4 tickets,
> >so there is no krb524 running. Is there an aklog that does not need to
> >talk to a krb524d, or is there another way to set up AFS without the
> >'524' translator?
>
> In theory, if you're running a new enough OpenAFS (1.2.9 or greater),
> you could modify aklog to simply store the V5 Kerberos ticket and
> single-DES session key in the credential cache, instead of going through
> the 524 translator.  That falls under the "advanced topics" heading, and
> if you're having trouble getting krb524d running then it may not be
> for you.
>
> One thing occurs to me ... you said you tried to get krb524d working with
> a keytab.  You _do_ know that once you extract the key into the keytab,
> you need to then store that new key on the AFS fileservers, right?
>
> --Ken