[OpenAFS] concise Kerberos 5 / OpenAFS setup doc?

Ken Hornstein kenh@cmf.nrl.navy.mil
Tue, 29 Nov 2005 10:34:35 -0500

>Does there exist any *concise* documentation for
>migrating to Kerberos 5 from the built-in OpenAFS Kerberos?

I can only say that every migration I've known about has been a little
bit different than every other one.  Some are a LOT different.  This
seems to be related that every installation treats authentication

I know you said you didn't want to spend a week learning about all
of the Kerberos-related stuff, but a migration documentation would have
to allow for the following variances:

- Do you want traditional OpenAFS authentication tools (klog) to still

- Do you intend on using PAM?

- Do you have a KDC already?  If so, which one?

- Do you intend to have your KDC have the same realm name as your OpenAFS
  cell name?

- What remote access utilities do you want to use to access your system?
  ssh?  Kerberos telnet/rlogin?

... and the list goes on.  That's why when I did the AFS-Kerberos 5 migration
kit I tried to explain what was going on behind the scenes so the user
could have enough information to make their own decision.  The people I
knew who had the best success migrating to Kerberos 5 had to learn
everything you didn't want to understand.