[OpenAFS] Preferred method for turning MIT Kerberos tickets into AFS tokens in Linux

Kevin openafs@gnosys.biz
Tue, 23 Nov 2004 11:56:49 -0500


Hi List-

I'm running 1.2.11 OpenAFS server software (built from sources) on a
SuSE Linux 9.0 server (i386 hardware).

I'm running MIT Kerberos 5 version 1.3.1 (also built from sources) as
the KDC on the same server.

I found Ken Hornstein's FAQ on Kerberos and OpenAFS, especially with
regard to the integration of the two.  I implemented the integration
using ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/afs-krb5-2.0.tar.gz
but I recall that this part was problematic.  Looking over my notes from
having done this and reading through this tarball, it seems that this is
somewhat out of date.  I did manage to build aklog and asetkey for
i386_linux24, but it was just lucky for me that it worked because the
make pooped out after building those executables.  I really only needed
aklog at the time, so I wasn't troubled by the failed make, but now I'm
adding ppc workstations to the network and so I'm thinking again about
the integration of Kerberos and AFS.  I'm having the same difficulty
with building the software in this tarball on ppc_linux26 that I had on
i386_linux24 and even worse because I can't even get aklog to compile.

I implemented this in February and everything has been working perfectly
since then, but with the addition of ppc workstations to the network I
now have the problem of integration again and building aklog from
sources again.

So my question is just this: is this still the preferred method of
integrating MIT Kerberos 5 with OpenAFS in Linux?  I've read threads
about aklog in Windows and threads about PAM and Kerberos and OpenAFS in
Linux in this list, but I don't see much about aklog and Linux.  Is
there a better way than what I'm doing?  If not, is the tarball above
the latest version of aklog?  Would anyone mind pointing me to newer
versions of the same?  I'm having a terrible time getting that tarball
to build and I can't help but think there must be a better way.  If not,
I'll keep struggling with that, but just thought I'd check first.

TIA.

-Kevin
http://www.gnosys.us