[OpenAFS] Problems with OpenAFS Fileserver.../ Kerberos5 Problem

Hans-Gunther Borrmann hans-gunther.borrmann@rz.uni-freiburg.de
Fri, 18 Mar 2005 09:37:54 +0100


On Thursday 17 March 2005 21:03, Lars Schimmer wrote:
> Jeffrey Altman schrieb:
> | Lars Schimmer wrote:
> |> If there are two entrys in the keyfile, one from old kaserver and one
> |> from Kerberos5 server, and the krb5 hat kvno of 1, the kaserver a kvno
> |> of 0, is it possible for all clients (linux and windows) to get tokens
> |> via kaserv? The new kerberos server isn=B4t in their (clients) CellSer=
vDB
> |> yet.
> |
> | Windows clients use MIT KFW for Kerberos 5 support.  The locations of
> | KDCs are determined either from the krb5.ini file or DNS SRV records.
> | CellServDB is not used for token acquisition when Kerberos 5 support
> | is being used.
>
> Thx for fast answer, but I meant the other way round.
> If the KDC is up and running and the old kaserver are still up running,
> and the windows clients has only the "old" kaserver in their CellServDB
> and the have no kerberos on their system, can the windows clients still
> logon AFS and get tokens via kaserv?
> I mean, with now 2 entrys in the keyfile, can the servers select the
> right one out for Windows AFS clients without kerberos?
>
>

As far as I remember from my tests the answer is yes.
=2D-=20
________________________________________________________________
Hans-Gunther Borrmann <hans-gunther.borrmann@rz.uni-freiburg.de>
Rechenzentrum der Universitaet Freiburg
Hermann-Herder-Str. 10, D79104 FREIBURG
Tel.: +49 761/203-4652
=46ax:  +49 761/203-4643