[OpenAFS] krb5 openafs tokens
Derek T. Yarnell
derek@cs.umd.edu
Fri, 4 Mar 2005 11:19:06 -0500
Ok, I understand that ever since 1.2.8, openafs understands a new 2b
format token. So my question is this, I currently have 1.2.13 running on
RHEL3, with MIT 1.3.6 as the kerberos servers. I currently use the
pam_krb5afs (or pam_krb5) pam module to authorized via krb5 then
retrieve afs tokens.
--- krb5.conf
[pam]
forwardable = true
krb4_convert = true
addressless = true
afs_cells = csic.umd.edu
---
Obviously this converts the krb5 ticket to a v4 then it grabs a token:
derek@squeamish:~> klist
Ticket cache: FILE:/tmp/krb5cc_2174_1EkqYC
Default principal: derek@CSIC.UMD.EDU
Valid starting Expires Service principal
03/04/05 11:02:32 03/04/05 21:02:03 krbtgt/CSIC.UMD.EDU@CSIC.UMD.EDU
renew until 03/04/05 11:02:32
Kerberos 4 ticket cache: /tmp/tkt2174_sH1AbO
Principal: derek@CSIC.UMD.EDU
Issued Expires Principal
03/04/05 11:02:32 03/04/05 20:57:32 krbtgt.CSIC.UMD.EDU@CSIC.UMD.EDU
03/04/05 11:02:08 03/04/05 21:02:08 afs.csic.umd.edu@CSIC.UMD.EDU
derek@squeamish:~> tokens
Tokens held by the Cache Manager:
User's (AFS ID 2174) tokens for afs@csic.umd.edu [Expires Mar 4 21:02]
--End of list--
Now, my question is this. How do I get it to just grab 2b tokens? Never
getting a v4 principal or token? How are people doing this? Can it be
done with the pam_krb5afs module? or something else?
Thanks
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu