[OpenAFS] Native Kerberos 5 authentication in openafs-1.4
Timothy G. Flynn
tgflynn@stny.rr.com
Thu, 15 Sep 2005 01:40:01 -0400
Hello,
The announcement for openafs-1.4.0rc1 contains the following statement :
"This release allows all Kerberos 5 KDCs including Microsoft Active
Directory to be the source of AFS client authentication."
While I have been able to get this working (without using krb524d)
doing so required using two tools which are not readily provided by the
openafs source distribution : aklog and asetkey. aklog is included in
openafs-1.4 but is not installed even when the source distribution has
been configured with the --with-krb5 (or --with-krb5-conf) option.
asetkey is not included with openafs and must be installed from a
separate package.
Is there another procedure for configuring krb5 authentication that
does not require these tools ? If so I have found no information on the
web concerning it ?
If not, would it not be advisable to distribute the required tools
with openafs given that most new installations are likely to want to use
krb5 authentication ?
This post refers to my experience with RC3. If these issues have been
addressed in RC4, which I have not yet installed, my apologies.
Thanks,
Tim Flynn