[OpenAFS] Kerberos 5, AFS, and no krb524d

Derrick J Brashear shadow@dementia.org
Thu, 5 Jun 2003 15:12:17 -0400 (EDT)


On Thu, 5 Jun 2003, Nicholas Henke wrote:

> > Why can't you run a krb524d just for AFS, that doesn't support v4 tickets
> > but does afs rxkad 2b?
>
> Do you mean locally to the OpenAFS machine, or on the Kerberos server? I

Locally to an OpenAFS server or on the krb5 kdc.

> have tried the local krb524d without success, and as for the UPENN.EDU
> Kerberos realm, Penn does not support v4 tickets, and will not run that
> service. I am not sure what you mean by 'afs rxkad 2b' -- can you
> explain this a bit more?

So if I give you one called krb52kad would you be able to get past it?
Really, it would help if you forget that it ever did krb4, but you can
disable that entirely for this application.

> [realms]
>  UPENN.EDU = {
>   kdc = kerberos1.upenn.edu:88
>   kdc = roughneck.liniac.upenn.edu
>   admin_server = kerberos1.upenn.edu:749
>   krb524_server = roughneck.liniac.upenn.edu:4444
>  }

Ok.

> I would rather not do this -- and just use the v5 tickets.

Not ready yet. However, the "rxkad 2b" in recent AFS is a stripped krb5
ticket, and that's what krb524d would be doing.