[OpenAFS] Re: authenticating using AD servers hidden behind firewall

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 07 Jun 2012 21:28:07 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6EEFCC432365EBA506E729E7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 6/7/2012 9:09 PM, John Tang Boyland wrote:
> Our institution uses "Shibboleth" for off campus authentication,
> since it keeps the AD (and thus kerberos) servers hidden behind
> a firewall.  Does anyone know how to have OpenAFS use Shibboleth
> for authentication?
> John

John:

What you need is an implementation of GSS IAKERB

  https://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02

as part of Doug Engert's gssklogd.  I don't believe there is an open
source implementation of it yet.

Jeffrey Altman


--------------enig6EEFCC432365EBA506E729E7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJP0VUoAAoJENxm1CNJffh4kOYH/2U+KkY12yf4t0fSRcMfjmlz
/VXBDlwJ2SqhToVeNz6gpIsBHzsFUd8WLh7DLYTaujxqsrjvUbs3kmyDU1lOnQc4
PWcgOrDWudWPa5UEl8WAquIIpCV4//IA59jMXmLb6rU1z5zBz4QOg/iuK7xy8v85
tjJiP7vNVfiKHw0lJ3uwOeGJ+E4/KdVt8TUZ2kH2Pj3d+M7giOQohzLOIm/jryM1
BLCS9QgT5gGYibVMpTZc/8jizj2ueptxhGys2Kdvl3dptQ2EIcVWZm0rqjmVd1iR
IiW8jK0YZG1tqclSqh77LJELK4pidPSQCgjKFvqdQwbj3/5wdAuxhFrawkWtVcw=
=qgMU
-----END PGP SIGNATURE-----

--------------enig6EEFCC432365EBA506E729E7--