[OpenAFS] Get tokens from Windows

Douglas E. Engert deengert@anl.gov
Fri, 23 May 2003 10:08:39 -0500 

We have been working on another approach to getting an AFS token
called gssklog. It uses GSSAPI to authenticate and to protect the 
AFS token in transit. The gssklogd daemons run on the AFS database servers.

This was originally developed for Globus to use the GSI (X509 certificate
based), but can also use the Kerberos GSI. 

I would eventually like to submit this OpenAFS, after looking at 
any changes need to support a K5 type token. 

It in effect separates the authentication from the authorization, and really 
treats the AFS cell as an authorization domain, not necessarily a part of
a larger Kerberos realm.  Although it can still be.  (The AFS token is still
based on a Kerberos ticket, in effect generated by the gssklogd
for the local AFS cell, using the AFS key.)    

Some of the nice features is it uses the GSSAPI, and does not call
Kerberos directly. So it can be compiled with only a gssapi.h 
It does not need krb524 or krb524d. It can use a Windows Domain as the KDC. 

It runs on Windows, using the GSI or Kerberos gss dll, and could be 
changed to use the MS SSPI.  

See ftp://achilles.ctd.anl.gov/pub/DEE/gssklog-0.6.tar



Derek Atkins wrote:
> 
> you need aklog.exe
> 
> -derek
> 
> Ian Delahorne <ian@assv.net> writes:
> 
> > If I want to obtain tokens with my TGT obtained from my heimdal KDC
> > when I log on to my XP station, what do I need?
> > --
> > /Ian D
> > ian@assv.net - www.assv.net
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444