[OpenAFS] krb5 inclusion in client build = NO kaserver auth whatsoever?

Derrick Brashear shadow@gmail.com
Mon, 3 Dec 2007 10:26:22 -0500


------=_Part_920_9716810.1196695582477
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 3, 2007 10:16 AM, Jeff Blaine <jblaine@kickflop.net> wrote:

> I'm trying to deduce the depth of effect from building
> OpenAFS client tarballs with '--with-krb5-conf=...'
>
> During our transition to krb5 auth, I'd like our clients
> to have an OpenAFS allowing kaserver auth, but I obviously
> want aklog in place for those willing to test krb5 + aklog.
>
> Can anyone save me some testing time and comment on the
> fesibility of that?
>

3 choices:

krb5kdc with fakeka (if mit) or with kaserver-compat enabled (if heimdal) in
place of kaserver

or

sync the key key between the kaserver and the krb5kdc

or

different realm name for krb5 and kaserver, and 2 keys (with different
kvnos) on all the afs servers.

------=_Part_920_9716810.1196695582477
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div class="gmail_quote">On Dec 3, 2007 10:16 AM, Jeff Blaine &lt;<a href="mailto:jblaine@kickflop.net">jblaine@kickflop.net</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I&#39;m trying to deduce the depth of effect from building<br>OpenAFS client tarballs with &#39;--with-krb5-conf=...&#39;<br><br>During our transition to krb5 auth, I&#39;d like our clients<br>to have an OpenAFS allowing kaserver auth, but I obviously
<br>want aklog in place for those willing to test krb5 + aklog.<br><br>Can anyone save me some testing time and comment on the<br>fesibility of that?<br></blockquote><div><br>3 choices:<br><br>krb5kdc with fakeka (if mit) or with kaserver-compat enabled (if heimdal) in place of kaserver
<br><br>or<br><br></div></div>sync the key key between the kaserver and the krb5kdc<br><br>or <br><br>different realm name for krb5 and kaserver, and 2 keys (with different kvnos) on all the afs servers.<br><br>

------=_Part_920_9716810.1196695582477--