[OpenAFS] fakeka and krb425

Michael Norwick ctx37888@centurytel.net
Sun, 01 May 2005 19:34:56 -0500

Please forgive my ignorance.  I have rtfm'd and googled.  I have OpenAFS 
1.3.81 loaded and working on 2 servers on FC3 using a locally built 
system from source (not RPM's).  I also have Kerberos5  krb5-1.4.1 up 
and working on these same servers, one master, one slave, also locally 
built from source.  My clients can klog OR kinit to any machine on the 
network and authenticate and access files in OpenAFS volumes in my local 
cell.  Until I have authentication working properly I do not let them 
venture out into the greater world.  My questions are as follows:
1.  How do I get one key/token for the client.  When building krb5 I did 
not enable V4 authentication heeding MIT's advice to move to krb5.  I 
have made several attempts to build Ken H's 2.0 migration kit to get 
aklog and asetkey but so far have failed with well documented make 
errors (but little documented solutions).  And looking at the source for 
krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to grant 
tokens to OpenAFS.
2.  When I do eventually open up access from my local cell to the world 
would it be advisable to have krb425 in order to
authenticate against way older servers?
3.  In any event what is the proper appdefaults section krb5.conf 
notation for a krb5 kdc and OpenAFS 1.3.81?
4.  How do I use fakeka?

Any references, links and patience are greatly appreciated.