[OpenAFS] openafs and dce cell
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 08 Nov 2005 11:46:01 -0500
>So we are moving out of DCE/DFS and I need to be able to run them side
>by side for a bit. Obviously I can't run krb542d on the DCE cell. But
>I can get a krb5 ticket out and that works fine, I thought there was now
>support for converting krb5 tickets into tokens without the need of a
>524d? Or am I stuck with gssklog until I convert over to a MIT KDC with
>the 524d?
If you have a new enough vintage of OpenAFS (I think 1.2.13) it can
take a raw v5 ticket in an AFS token just fine. You need a new enough
aklog (like the one that comes with OpenAFS 1.4). But you can run
krb524d in a DCE cell, assuming you can extract the AFS service key
into a keytab.
--Ken