[OpenAFS] Mapping btw. AFS tokens and Kerberos tickets (Heimdal)
Volker Lendecke
Volker.Lendecke@SerNet.DE
Wed, 9 Nov 2005 23:20:05 +0100
--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Nov 09, 2005 at 01:26:44PM +0300, Education Center wrote:
> AFS includes its own implementation of Kerberos, the KAServer. However, n=
ew
> installs of KAServer are not recommended as it is based on a draft versio=
n of
> the obsolete Kerberos 4 protocol. Even though AFS doesn't support Kerbero=
sV
> directly, it is highly recommended that you set up a KerberosV realm for =
your
> AFS cell and not install the KAServer. See KerberosV for the many advanta=
ges
> of using the latest Kerberos for your network authentication.=20
Please ignore my ignorance, but when reading the OpenAFS 1.4 release notes I
find the lines:
> OpenAFS 1.4.0 also represents a significant step forward for Kerberos 5
> integration. This release allows Kerberos 5 KDCs including Microsoft
> Active Directory to be the source of AFS client authentication.
Do the various AFS server accept Kerberos V tickets natively or don't they =
do
it? If they don't, what exactly do you mean by the entry in the release not=
es?=20
I'm interested because I might have to somehow acquire or generate Krb5 tic=
kets
in the Samba fake kaserver.=20
Thanks,
Volker
--r5Pyd7+fXNt84Ff3
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFDcnYUUROFNttXCWYRApKIAKDPPIpJ3MJR/92moLILi0JsK6oY6QCdGtBa
bhvrAC8vW4Xb3fYs2l6YSx4=
=RzW0
-----END PGP SIGNATURE-----
--r5Pyd7+fXNt84Ff3--