[OpenAFS] fakeka and krb425
Sun, 01 May 2005 19:34:56 -0500
Please forgive my ignorance. I have rtfm'd and googled. I have OpenAFS
1.3.81 loaded and working on 2 servers on FC3 using a locally built
system from source (not RPM's). I also have Kerberos5 krb5-1.4.1 up
and working on these same servers, one master, one slave, also locally
built from source. My clients can klog OR kinit to any machine on the
network and authenticate and access files in OpenAFS volumes in my local
cell. Until I have authentication working properly I do not let them
venture out into the greater world. My questions are as follows:
1. How do I get one key/token for the client. When building krb5 I did
not enable V4 authentication heeding MIT's advice to move to krb5. I
have made several attempts to build Ken H's 2.0 migration kit to get
aklog and asetkey but so far have failed with well documented make
errors (but little documented solutions). And looking at the source for
krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to grant
tokens to OpenAFS.
2. When I do eventually open up access from my local cell to the world
would it be advisable to have krb425 in order to
authenticate against way older servers?
3. In any event what is the proper appdefaults section krb5.conf
notation for a krb5 kdc and OpenAFS 1.3.81?
4. How do I use fakeka?
Any references, links and patience are greatly appreciated.