[OpenAFS] One more plea for a transparent Krb5 implementation of klog

John Tang Boyland boyland@solomons.cs.uwm.edu
Wed, 27 Apr 2005 15:54:42 -0500


] The Windows version of OpenAFS does not place any cell specific
] information into the Kerberos configuration file.   OAFW can
] be used to access as many cells as you would like with authentication.

Oh good.  Last I checked, install OAFW with Kerberos 5 turned on made
it useless for Kerberos 4 cells.  It's nice that OAFW is working hard
to make things easier for users.

] What cell specific information do you think is required?
] Why does Kerberos 5 need to know about it?

Last summer (or was it 2003?), I seriously looked into transitioning
our kaserver-based cell to krb5.  The transition kit was out of date
and required aklog (not provided) and one needed to list kerberos
servers in the krb5.conf, together with the encodings expected and AFS
info to get the PAM to work etc etc.  This is all with UNIX afs.

If in the meantime, Unix OpenAFS has gotten to the point that one can
have an empty krb5.conf then I think my request is mostly answered.
Are we really there yet?

John Boyland