[OpenAFS] Request for Assistance with OpenAFS
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 7 Apr 2016 14:46:25 -0400 (EDT)
On Thu, 7 Apr 2016, Steven Mikes wrote:
> Hi All,
> I am attempting to access an AFS cell which I believe is still using
> Kerberos V4. Existing machines in the cell use the 'klog' command
> (klog.krb) to obtain tokens.
> I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how
> to authenticate. The /usr/bin/klog in my install is symlinked to
> /etc/alternatives/klog, which is itself linked back to /usr/bin/klog.krb5,
> so there doesn't see to be a v4 version of the command at all. I know it
> was deprecated for security reasons and V5 is the recommended
> authentication method, but the cell I need to connect to is still on V4. Is
> there a way to configure krb5 so I can obtain tokens? I have tried various
> options in the /etc/krb5.conf file with no luck yet. Any help is much
> appreciated.
Sounds like you have the openafs-krb5 package installed ... but I really
would recommend updating your infrastructure instead of removing that
package; Kerberos 4 provides no real security.
-Ben