[OpenAFS] fakeka and krb425

Steve Devine sdevine@msu.edu
Mon, 02 May 2005 07:56:18 -0400 

Michael Norwick wrote:

> Please forgive my ignorance.  I have rtfm'd and googled.  I have 
> OpenAFS 1.3.81 loaded and working on 2 servers on FC3 using a locally 
> built system from source (not RPM's).  I also have Kerberos5  
> krb5-1.4.1 up and working on these same servers, one master, one 
> slave, also locally built from source.  My clients can klog OR kinit 
> to any machine on the network and authenticate and access files in 
> OpenAFS volumes in my local cell.  Until I have authentication working 
> properly I do not let them venture out into the greater world.  My 
> questions are as follows:
> 1.  How do I get one key/token for the client.  When building krb5 I 
> did not enable V4 authentication heeding MIT's advice to move to krb5.

Krb5 builds with k4 compatability by default. You can enable or disable 
K4 in kdc.conf

> I have made several attempts to build Ken H's 2.0 migration kit to get 
> aklog and asetkey but so far have failed with well documented make 
> errors (but little documented solutions).  And looking at the source 
> for krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to 
> grant tokens to OpenAFS. 

Yes Fakeka runs in the place of kaserver. What are your make errors?

>
> 2.  When I do eventually open up access from my local cell to the 
> world would it be advisable to have krb425 in order to
> authenticate against way older servers? 

>
> 3.  In any event what is the proper appdefaults section krb5.conf 
> notation for a krb5 kdc and OpenAFS 1.3.81?
> 4.  How do I use fakeka? 

Fakeka runs in the place of kaserver:
/usr/local/sbin/fakeka &

>
>
> Any references, links and patience are greatly appreciated.
>
> Michael
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

-- 
Steve Devine
Storage Systems
Academic Computing & Network Services
Michigan State University

301 Computer Center
East Lansing, MI 48824-1042
1-517-432-7327

Baseball is ninety percent mental; the other half is physical.
- Yogi Berra