[OpenAFS] Kerberos 5, AFS, and no krb524d
Nicholas Henke
henken@seas.upenn.edu
05 Jun 2003 15:02:29 -0400
On Thu, 2003-06-05 at 14:56, Derrick J Brashear wrote:
> On Thu, 5 Jun 2003, Nicholas Henke wrote:
>
> > Hey folks~~
> > I have been struggling with setting up OpenAFS under our existing MIT
> > Kerberos V setup here at Penn. The KDC here does not support v4 tickets,
> > so there is no krb524 running. Is there an aklog that does not need to
> > talk to a krb524d, or is there another way to set up AFS without the
> > '524' translator?
>
> Why can't you run a krb524d just for AFS, that doesn't support v4 tickets
> but does afs rxkad 2b?
Do you mean locally to the OpenAFS machine, or on the Kerberos server? I
have tried the local krb524d without success, and as for the UPENN.EDU
Kerberos realm, Penn does not support v4 tickets, and will not run that
service. I am not sure what you mean by 'afs rxkad 2b' -- can you
explain this a bit more?
>
> > I have tried running a krb524d locally here, using a keytab filled with
> > 'ktadd ...', but it just does not seem to work.
>
> did ktadd change the key? (I don't remember)
I really don't know.
>
> even if not, how did you tell your clients where to look for krb524d?
[realms]
    UPENN.EDU = {
        kdc = kerberos1.upenn.edu:88
        kdc = roughneck.liniac.upenn.edu
        admin_server = kerberos1.upenn.edu:749
        krb524_server = roughneck.liniac.upenn.edu:4444
    }
I would rather not do this -- and just use the v5 tickets.
Nic
--
Nicholas Henke
Penguin Herder & Linux Cluster System Programmer
Liniac Project - Univ. of Pennsylvania