[OpenAFS] Request for Assistance with OpenAFS

Steven Mikes steven.mikes@globalfoundries.com
Thu, 7 Apr 2016 15:00:14 -0400


--089e0122e7209b9c7f052fe9b25b
Content-Type: text/plain; charset=UTF-8

Yes I have the openafs-krb5 package. Should I try removing that one?
Unfortunately the IT infrastructure in question is far outside of my
influence, so it is what it is. Brian, I'm not sure what the kerberos realm
would be in this case. Did AFS with kerb V4 use them at all? klist from an
existing cell machine returns:
klist: No credentials cache found (ticket cache FILE:)

On Thu, Apr 7, 2016 at 2:46 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Thu, 7 Apr 2016, Steven Mikes wrote:
>
> > Hi All,
> > I am attempting to access an AFS cell which I believe is still using
> > Kerberos V4. Existing machines in the cell use the 'klog' command
> > (klog.krb) to obtain tokens.
> > I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how
> > to authenticate. The /usr/bin/klog in my install is symlinked to
> > /etc/alternatives/klog, which is itself linked back to
> /usr/bin/klog.krb5,
> > so there doesn't see to be a v4 version of the command at all. I know it
> > was deprecated for security reasons and V5 is the recommended
> > authentication method, but the cell I need to connect to is still on V4.
> Is
> > there a way to configure krb5 so I can obtain tokens? I have tried
> various
> > options in the /etc/krb5.conf file with no luck yet. Any help is much
> > appreciated.
>
> Sounds like you have the openafs-krb5 package installed ... but I really
> would recommend updating your infrastructure instead of removing that
> package; Kerberos 4 provides no real security.
>
> -Ben
>



-- 
*Steven Mikes*
Integrated Circuit Designer
Global Foundries

--089e0122e7209b9c7f052fe9b25b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Yes I have the openafs-krb5 package. Should I try removing=
 that one? Unfortunately the IT infrastructure in question is far outside o=
f my influence, so it is what it is. Brian, I&#39;m not sure what the kerbe=
ros realm would be in this case. Did AFS with kerb V4 use them at all? klis=
t from an existing cell machine returns:<div>klist: No credentials cache fo=
und (ticket cache FILE:)<br></div></div><div class=3D"gmail_extra"><br><div=
 class=3D"gmail_quote">On Thu, Apr 7, 2016 at 2:46 PM, Benjamin Kaduk <span=
 dir=3D"ltr">&lt;<a href=3D"mailto:kaduk@mit.edu" target=3D"_blank">kaduk@m=
it.edu</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"=
margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=
=3D"">On Thu, 7 Apr 2016, Steven Mikes wrote:<br>
<br>
&gt; Hi All,<br>
&gt; I am attempting to access an AFS cell which I believe is still using<b=
r>
&gt; Kerberos V4. Existing machines in the cell use the &#39;klog&#39; comm=
and<br>
&gt; (klog.krb) to obtain tokens.<br>
&gt; I&#39;m running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure =
out how<br>
&gt; to authenticate. The /usr/bin/klog in my install is symlinked to<br>
&gt; /etc/alternatives/klog, which is itself linked back to /usr/bin/klog.k=
rb5,<br>
&gt; so there doesn&#39;t see to be a v4 version of the command at all. I k=
now it<br>
&gt; was deprecated for security reasons and V5 is the recommended<br>
&gt; authentication method, but the cell I need to connect to is still on V=
4. Is<br>
&gt; there a way to configure krb5 so I can obtain tokens? I have tried var=
ious<br>
&gt; options in the /etc/krb5.conf file with no luck yet. Any help is much<=
br>
&gt; appreciated.<br>
<br>
</span>Sounds like you have the openafs-krb5 package installed ... but I re=
ally<br>
would recommend updating your infrastructure instead of removing that<br>
package; Kerberos 4 provides no real security.<br>
<br>
-Ben<br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature"><div dir=3D"ltr"><b>Steven Mikes</b><div>Integrated Ci=
rcuit Designer</div><div>Global Foundries</div></div></div>
</div>

--089e0122e7209b9c7f052fe9b25b--