[OpenAFS] Kerberos 5, AFS, and no krb524d
Rodney Dyer
rmdyer@uncc.edu
Sat, 07 Jun 2003 12:31:31 -0400
At 04:45 PM 6/7/03 +0200, Lukas Kubin wrote:
>Ok, say it is little bit less than impossible.
>Anyway, first I need to get it at least working...
Ok, so what do you mean here? Working?
Do you mean AFS? Kerberos 5, AKlog.exe, Windows 2k/XP or all of the above?
1. Do you have an existing AFS infrastructure that works?
2. Do you have an existing Kerberos 5 infrastructure that works?
3. Do you have Win2k/XP installed on one of your machines?
4. Do you have the OpenAFS client installed on the Win2k/XP machine?
5. Does the OpenAFS client work...out of the box, on the Win2k/XP machine?
6. Have you installed the MIT Kerberos for Windows software to get
Kerberos 5 tickets?
7. Are your Win2k/XP machines members of a Windows Active Directory domain?
8. Have you set up the Active Directory server and Win2k/XP machines to
trust the Kerberos realm?
9. Regardless of AFS, can you log on to your Win2k/XP machines with your
Kerberos realm password?
10. If all of the above is not pre-prepped, then you haven't even gotten
halfway there yet.
Btw, to your previous question about Win9x machines...no, we don't use
Win9x at all in our environment. We transitioned to NT back in 1997, then
to XP in 2002.
We are actually concerned about the future of the AFS client on the next
version of Windows aka Longhorn. We are looking into other technologies
just in case, like NAS storage, NFSv4, etc. I love AFS and would like to
see it continue, but we have to live in the real world. The Windows
OpenAFS client seems doomed. This SMB loop-back connection scheme is slow
and the AFS service is prone to crashes. The service should be rewritten
to actually support a Windows installable filesystem model. But, there
doesn't seem to be any expertise in that area within the OpenAFS
group. Heck, few people, including me, don't know enough about the way AFS
itself works internally to help out. The source code base is a wreck. I'm
even irritated that the OpenAFS'ers add new functionality in without much
documentation about what it was done for and what systems it affects...like
high security feature name mangling changes. Who decided that code should
be changed? Who are these people making changes to the codebase without
allowing a consensus to be held first?
...off soap box, sorry for the rant.
Btw, this is a mailing list. I'm subscribed to it. You don't need to
reply directly to me, just reply to the mailing list please. Thanks.
Rodney
...on any of 2000/XP
>platform. Any suggestions?
>Thank you.
>
>lukkas
>
>On 7 Jun 2003, Derek Atkins wrote:
>
> > Nothing is "impossible". You may not like it, but it is most assuredly
> > possible. It may not be the best option, or the easiest option, but it
> > is certainly an option. Even if you've got 4-year-old PCs you should be
> > able to upgrade. It's just a matter of time.
> >
> > I've seen sites upgrade 2000+ machines... every year... So only 200
> > is far from "impossible".
> >
> > -derek
> >
> > Lukas Kubin <kubin@opf.slu.cz> writes:
> >
> > > The upgrade is impossible for me now. It would need to be done on 200
> > > mid-aged computers. There >must< be some solution. I just can't find it.
> > > The problem for me is I can't find any useful docs. I need to know:
> > >
> > > 1. Which K5 to download
> > > 2. Which OpenAFS version to download
> > > 3. Which (aklog.exe)??? to download and from where
> > >
> > > for both Windows 98 and XP and how to configure it.
> > >
> > > Now, I have an K5 and OpenAFS servers running on Debian Linux. The
> > > kaserver is (by default OpenAFS install on Debian) not running.
> > > Until now, every aklog crashed when I tried to start it.
> > >
> > > lukas
> > >
> > > On 7 Jun 2003, Derek Atkins wrote:
> > >
> > > > Windows 9x is dead. Upgrade to an OS that was released this century.
> > > >
> > > > -derek
> > > >
> > > > Lukas Kubin <kubin@opf.slu.cz> writes:
> > > >
> > > > > Thank you for the very useful source of information for me.
> > > > > Did you also try to do the same on Windows 9x ?
> > > > >
> > > > > lukas
> > > > >
> > > > > On Fri, 6 Jun 2003, Rodney M Dyer wrote:
> > > > >
> > > > > > At 10:15 PM 6/6/2003 +0200, Lukas Kubin wrote:
> > > > > > >I absolutely agree. Is there any reason why it still hasn't
> been done?
> > > > > > >I don't have much to say, since I'm just starting with
> OpenAFS/K5 but I
> > > > > > >know this is what I need. I've spent this week just by filling
> mailing
> > > > > > >lists looking for a solution how to enable Windows to mount
> AFS server
> > > > > > >using K5 tickets. Unsuccessfully.
> > > > > > >I'm not too skilled to help in programming it. Can I help any
> other way?
> > > > > >
> > > > > > For some reason this question keeps coming up again, and again,
> and again...
> > > > > >
> > > > > > We've been successful at using "aklog" within our IT group for
> Windows
> > > > > > XP. It wasn't really that much of a pain...hind-sight actually.
> > > > > >
> > > > > > See...
> > > > > >
> > > > > > http://www.coe.uncc.edu/~rmdyer
> > > > > >
> > > > > > Once I got the hang of it, I can now download both OpenAFS and MIT
> > > > > > Kerberos, and compile them with "aklog" all in one shot, within
> about an hour.
> > > > > >
> > > > > > The original "aklog.exe" from Ken H's site didn't work (it
> crashed good)
> > > > > > because all of the Kerberos DLL entry points were screwed up
> since it was
> > > > > > compiled with an older version of MIT Kerberos. The best thing
> to do is
> > > > > > just compile all "clean", then all the dll entry points should
> match up
> > > > > > perfectly.
> > > > > >
> > > > > > Rodney
> > > > > >
> > > > > > Rodney M. Dyer
> > > > > > Windows Systems Programmer
> > > > > > Mosaic Computing Group
> > > > > > William States Lee College of Engineering
> > > > > > University of North Carolina at Charlotte
> > > > > > Email rmdyer@uncc.edu
> > > > > > Phone (704)687-3518
> > > > > > Help Desk Line (704)687-3150
> > > > > > FAX (704)687-2352
> > > > > > Office 267 Smith Building
> > > > > >
> > > > > > _______________________________________________
> > > > > > OpenAFS-info mailing list
> > > > > > OpenAFS-info@openafs.org
> > > > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > > > > >
> > > > > >
> > > > >
> > > > > --
> > > > > Lukas Kubin
> > > > >
> > > > > phone: +420596398285
> > > > > email: kubin@opf.slu.cz
> > > > >
> > > > > Information centre
> > > > > The School of Business Administration in Karvina
> > > > > Silesian University in Opava
> > > > > Czech Republic
> > > > > http://www.opf.slu.cz
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > > Member, MIT Student Information Processing Board (SIPB)
> > > > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > > > warlord@MIT.EDU PGP key available
> > > >
> > > >
> > >
> > > --
> > > Lukas Kubin
> > >
> > > phone: +420596398285
> > > email: kubin@opf.slu.cz
> > >
> > > Information centre
> > > The School of Business Administration in Karvina
> > > Silesian University in Opava
> > > Czech Republic
> > > http://www.opf.slu.cz
> > >
> > >
> > >
> > >
> >
> > --
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > warlord@MIT.EDU PGP key available
> >
> >
>
>- --
>Lukas Kubin
>
>phone: +420596398285
>email: kubin@opf.slu.cz
>
>Information centre
>The School of Business Administration in Karvina
>Silesian University in Opava
>Czech Republic
>http://www.opf.slu.cz