[OpenAFS] About the upgrading from Kerberos 4 to Kerberos 5
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 15 May 2018 12:05:19 -0400
>We are working on the upgrading of Openafs Kerberos 4 to KDC 5. We
>checked some documents to know we have to use afs2k5db tool to convert
>users in K4 to KDC 5. But it's really a pain to compile it with
>Openafs-1.4.14-1 and krb5-server-1.10.3-65.el6.x86-64 due to the
>incompitable of the higher version of krb5 and AFS.
So, I wrote afs2k5db ... and damn, I didn't realize anyway still wanted
to use it now! (really, it is ... what, 15 years old at this point?) I
guess if I had to do it over I'd have it output a krb5 dump file format
which would have been harder to write, but more portable.
In theory it should be possible to update it, but you're going to
have to look at a lot of source code on both the AFS side and Kerberos
side to figure out what has changed. Compiling against an older version
of Kerberos and/or AFS (like Jeff Altman suggested) might be easier.
--Ken