[OpenAFS] Puzzler: lack of access to AFS files

John Hascall john@iastate.edu
Wed, 12 Dec 2007 14:13:30 CST

> John Hascall wrote:
> > Would it work to modify the KDC such that when it hands out
> > an afs/<cell>@REALM ticket for a TGT with a client name that
> > is in the sconv table (like my sysadmin/asw.iastate.edu@IASTATE.EDU)
> > that it 'K4-izes' that name (to sysadmin/asw in this case) in the
> > returned ticket?  (Thus obviating the need to futz with the code
> > on every AFS server.)

> > Or is that just too hideous?

> Sounds like the tail wagging the dog. There are KDCs used with AFS
> that are not modifiable, and don't support any k4. You don't want to
> fiddle with the K5 protocols either.  It's time to get AFS 'k5-ized'.

Yes, it would be lovely if AFS was 100% K5.  (If it was, all this would
already be working!)  But, that's not something *I* can make happen.
I can, however, modify my KDC.  And I'm not sure why I would
(a) care about KDCs used with AFS that are not modifiable, or
(b) care about lack of K4 support in the KDC.