[OpenAFS-port-darwin] How to avoid 524 with the Mac plug-in
Ragnar Sundblad
ragge@nada.kth.se
Tue, 03 May 2005 01:10:51 +0200
--On den 2 maj 2005 11:02 -0700 "Henry B. Hotz" <hotz@jpl.nasa.gov> wrote:
> The KTH plug-in isn't
> being maintained, but looks like it at least knows Kerb 5 exists.)
Correct, it isn't being maintained, at least not at the
moment. And yes, it mainly uses krb5.
It is built on the krbafs lib from MIT
<http://web.mit.edu/openafs/krbafs/> which hasn't been
updated in a long time, so it doesn't know the "local"
way of doing AFS 2b (putting a krb5 ticket in the pag,
after some kind of chewing and stomping on it to make
it fit, or whatever it is one has to do).
It does, though, do everything in kerberos 5 only, except
that it does a final server-based 524 on the afs ticket.
With the current (and pretty old) version of it, you
should be able to be pretty much krb5 only if you just
also allow 524.
One solution would probably be to pull krb5_afslog (with
friends) from heimdal and use that instead of the krbafs lib.
An even better solution would be if someone updated the
krbafs lib. :-)
/ragge