[OpenAFS] About the upgrading from kaserver toKerberos 5
huangql
huangql@ihep.ac.cn
Fri, 10 Aug 2018 09:00:18 +0800
This is a multi-part message in MIME format.
------=_001_NextPart712010243611_=----
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: base64
DQpEZWFyIGFsbCwNCg0KV2UgaGF2ZSBhbHJlYWR5IGNyZWF0ZSBhbGwgdGhlIHByaW5jaXBhbHMg
ZnJvbSBzY3JhdGNoLiBBcyB3ZSB3YW50IHRvIG1ha2UgYWZzIGFjY291bnRzIHRyYW5zZmVyIHRv
IEtEQyBhdXRoZW50aWNhdGlvbiBzbW9vdGhseSB3aXRob3V0IGFza2luZyB0aGVtIHRvIGNoYW5n
ZSBwYXNzd29yZCBmb3JjZWx5Lg0KDQpGcm9tIHRoZSBmb2xsb3dpbmcgaW5mb3JtYXRpb24sIHdl
IGtub3cga2FzZXJ2ZXIgYW5kIEtEQyBjYW4gd29yayB0b2dldGhlciBmb3Igb25lIEFGUyBjZWxs
LiBEbyB5b3Uga25vdyBob3cgdG8gY29uZmlndXJlIHRoZSBBRlMgY2VsbCB0byBzdXBwb3J0IGth
c2VydmVyIGFuZCBLREMgNSBhdCB0aGUgc2FtZSB0aW1lPw0KDQpUaGFuayB5b3Ugc28gbXVjaCEN
Cg0KPiBJZiB0aGUgS0RDIGlzIHVwIGFuZCBydW5uaW5nIGFuZCB0aGUgb2xkIGthc2VydmVyIGFy
ZSBzdGlsbCB1cCBydW5uaW5nLA0KPiBhbmQgdGhlIHdpbmRvd3MgY2xpZW50cyBoYXMgb25seSB0
aGUgIm9sZCIga2FzZXJ2ZXIgaW4gdGhlaXIgQ2VsbFNlcnZEQgo+IGFuZCB0aGUgaGF2ZSBubyBr
ZXJiZXJvcyBvbiB0aGVpciBzeXN0ZW0sIGNhbiB0aGUgd2luZG93cyBjbGllbnRzIHN0aWxsCj4g
bG9nb24gQUZTIGFuZCBnZXQgdG9rZW5zIHZpYSBrYXNlcnY/Cj4gSSBtZWFuLCB3aXRoIG5vdyAy
IGVudHJ5cyBpbiB0aGUga2V5ZmlsZSwgY2FuIHRoZSBzZXJ2ZXJzIHNlbGVjdCB0aGUKPiByaWdo
dCBvbmUgb3V0IGZvciBXaW5kb3dzIEFGUyBjbGllbnRzIHdpdGhvdXQga2VyYmVyb3M/Cj4KPgo+
PiBBcyBmYXIgYXMgSSByZW1lbWJlciBmcm9tIG15IHRlc3RzIHRoZSBhbnN3ZXIgaXMgeWVzLg0K
UmVnYXJkcywNClFpdWxhbg0KDQoNCmh1YW5ncWwNCj09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpDb21wdXRpbmcgY2Vu
dGVyLHRoZSBJbnN0aXR1dGUgb2YgSGlnaCBFbmVyZ3kgUGh5c2ljcywgQ0FTLCBDaGluYQ0KUWl1
bGFuIEh1YW5nICAgICAgICAgICAgICAgICAgICAgICBUZWw6ICgrODYpIDEwIDg4MjMgNjA4Nw0K
UC5PLiBCb3ggOTE4LTcgICAgICAgICAgICAgICAgICAgICAgIEZheDogKCs4NikgMTAgODgyMyA2
ODM5DQpCZWlqaW5nIDEwMDA0OSAgUC5SLiBDaGluYSAgICAgICAgICAgRW1haWw6IGh1YW5ncWxA
aWhlcC5hYy5jbg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PQ0KDQo=
------=_001_NextPart712010243611_=----
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charse=
t=3DUTF-8"><style>body { line-height: 1.5; }blockquote { margin-top: 0px; =
margin-bottom: 0px; margin-left: 0.5em; }div.foxdiv20180810085851651683 { =
}body { font-size: 10.5pt; font-family: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=
=91; color: rgb(0, 0, 0); line-height: 1.5; }</style></head><body>=0A<div>=
<span></span><br></div><blockquote style=3D"margin-top: 0px; margin-bottom=
: 0px; margin-left: 0.5em;"><div><div class=3D"FoxDiv20180810085851651683"=
>=0A<div><span></span>Dear all,</div><div><br></div><div>We have already c=
reate all the principals from scratch. As we want to make afs accounts tra=
nsfer to KDC authentication smoothly without asking them to change passwor=
d forcely.</div><div><br></div><div>From the following information, we kno=
w kaserver and KDC can work together for one AFS cell. Do you know how to =
configure the AFS cell to support kaserver and KDC 5 at the same time?</di=
v><div><br></div><div>Thank you so much!</div><div><br></div><div><span st=
yle=3D"font-size: 10.5pt; line-height: 1.5; background-color: window;">>=
;</span><i style=3D"font-size: 10.5pt; line-height: 1.5; background-color:=
window;"> If the KDC is up and running and the old kaserver are still up =
running,</i></div><div><pre>><i> and the windows clients has only the "=
old" kaserver in their CellServDB=0A</i>><i> and the have no kerberos o=
n their system, can the windows clients still=0A</i>><i> logon AFS and =
get tokens via kaserv?=0A</i>><i> I mean, with now 2 entrys in the keyf=
ile, can the servers select the=0A</i>><i> right one out for Windows AF=
S clients without kerberos?=0A</i>><i>=0A</i>><i>=0A</i>>> As =
far as I remember from my tests the answer is yes.</pre></div>=0A<div>Rega=
rds,</div><div>Qiulan</div>=0A<hr style=3D"width: 210px; height: 1px;" ali=
gn=3D"left" color=3D"#b5c4df" size=3D"1">=0A<div><span><div style=3D"MARGI=
N: 10px; FONT-FAMILY: verdana; FONT-SIZE: 10pt"><div>huangql</div></div></=
span></div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D<br>Computing center,the Institute of High Energy Physics, CAS, China<b=
r>Qiulan Huang &nb=
sp; Tel: (+86) 10 8823 6087<br>P.O. Box 918-7 =
Fax: (+86) =
10 8823 6839<br>Beijing 100049 P.R. China  =
; Email: huangql@ihep.ac.cn<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D</div>=0A<blockquote style=3D"margin-top: 0px; margin=
-bottom: 0px; margin-left: 0.5em;"><div><br></div><div>=0A</div></blockquo=
te></div></div></blockquote></body></html>
------=_001_NextPart712010243611_=------