[OpenAFS] fakeka and krb425
Mon, 02 May 2005 07:56:18 -0400
Michael Norwick wrote:
> Please forgive my ignorance. I have rtfm'd and googled. I have
> OpenAFS 1.3.81 loaded and working on 2 servers on FC3 using a locally
> built system from source (not RPM's). I also have Kerberos5
> krb5-1.4.1 up and working on these same servers, one master, one
> slave, also locally built from source. My clients can klog OR kinit
> to any machine on the network and authenticate and access files in
> OpenAFS volumes in my local cell. Until I have authentication working
> properly I do not let them venture out into the greater world. My
> questions are as follows:
> 1. How do I get one key/token for the client. When building krb5 I
> did not enable V4 authentication heeding MIT's advice to move to krb5.
Krb5 builds with k4 compatability by default. You can enable or disable
K4 in kdc.conf
> I have made several attempts to build Ken H's 2.0 migration kit to get
> aklog and asetkey but so far have failed with well documented make
> errors (but little documented solutions). And looking at the source
> for krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to
> grant tokens to OpenAFS.
Yes Fakeka runs in the place of kaserver. What are your make errors?
> 2. When I do eventually open up access from my local cell to the
> world would it be advisable to have krb425 in order to
> authenticate against way older servers?
> 3. In any event what is the proper appdefaults section krb5.conf
> notation for a krb5 kdc and OpenAFS 1.3.81?
> 4. How do I use fakeka?
Fakeka runs in the place of kaserver:
> Any references, links and patience are greatly appreciated.
> OpenAFS-info mailing list
Academic Computing & Network Services
Michigan State University
301 Computer Center
East Lansing, MI 48824-1042
Baseball is ninety percent mental; the other half is physical.
- Yogi Berra