[OpenAFS] Native Kerberos 5 authentication in openafs-1.4

Timothy G. Flynn tgflynn@stny.rr.com
Thu, 15 Sep 2005 01:40:01 -0400


  The announcement for openafs-1.4.0rc1 contains the following statement :

      "This release allows all Kerberos 5 KDCs including Microsoft Active
       Directory to be the source of AFS client authentication."


   While I have been able to get this working (without using krb524d) 
doing so required using two tools which are not readily provided by the 
openafs source distribution : aklog and asetkey.  aklog is included in 
openafs-1.4 but is not installed even when  the source  distribution has 
been configured with the --with-krb5 (or --with-krb5-conf) option.   
asetkey is not included with openafs and must be installed from a 
separate package.

  Is there another procedure for configuring krb5 authentication that 
does not require these tools ?  If so I have found no information on the 
web concerning it ?

  If not, would it not be advisable to distribute the required tools 
with openafs given that most new installations are likely to want to use 
krb5 authentication ?

  This post refers to my experience with RC3.  If these issues have been 
addressed in RC4, which I have not yet installed, my apologies.

Tim Flynn