Hello!
As the subject says, the Aetey Global Technologies' Coda client installer
has been updated. The included clog is capable of using
- Kerberos password
- Kerberos keytab
- Kerberos TGT in the credentials cache
As usual with the modular clog, method-specific options are to be placed
after the [EMAIL PROTECTED] argument, so you may use
clog [EMAIL PROTECTED] (will not ask for a password if you have a
cached TGT
for the Kerberos realm trusted by Coda realm yyy.zz)
clog [EMAIL PROTECTED] -tgt only (will not ask for a password even if you
lack TGT)
clog [EMAIL PROTECTED] -tgt no (will ignore TGT and always ask for a
password)
Similarly:
clog [EMAIL PROTECTED] -keytab /etc/krb5.keytab (handy for putting into
crontab to refresh the host's
tokens)
The Coda client (and server) download links are as usual on
http://www.aetey.se/index.php?Static&pg=CodaInstHowto
Some background:
Kerberos interoperability does not need any configuration nor extra libraries
on the client hosts. Both the hosts and the Coda users stay happily unaware
of which Kerberos realms are involved in which Coda realms.
To accomplish this, a trivial extra service is used on the Coda servers.
(Note, there is no implicit relation between the names of Coda
realms and the Kerberos ones. Unlike AFS, one Coda realm can easily and
transparently use services of several Kerberos realms.)
[EMAIL PROTECTED] above may look like bob/[EMAIL PROTECTED] - "hq" being the
nickname
for the headquarters' Kerberos realm CENTRAL.YYY.ZZ and "bob" being a principal
in that realm.
At the same time bob/[EMAIL PROTECTED] may be used by another person and refer
to a totally different Kerberos principal "bob" in Kerberos realm
FRANCE.BRANCH.YYY.ZZ
A Coda account for a host in the European branch would look like
host/host123.france.yyy.zz/[EMAIL PROTECTED]
Regards,
Rune
