> >Folks: Has anyone modified Cygnus Network Security (CND Kerberos V4) to
> >support AFS? In particular:
> >[...]
>
> I know it's not what you want, but I've done a fair amount of integration
> between Kerberos 5 (beta 7 from MIT) and AFS. For example, forwarding your
> TGT to a remote telnetd works, and you automatically get an AFS token
> when that happens. You have to run a MIT KDC, though (but that's probably
> better than the kaserver :-) ).
We have a number of patches that you may consider interesting. In
particular...
- add krb_life_to_time() to handle lifetime computations
- apps and utilites that come with Kerberos use krb_life_to_time()
- kinit understands the AFS string-to-key, and how to try more than
one string-to-key function (for realms where not all keys were
generated with the same algorithm).
I believe CMU Computing Services has a version of telnet that does
TGT-passing, but I don't know whether it's in a form that can be
redistributed. Naturally, this only works if you are using a kaserver,
since the MIT KDC checks IP addresses.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer, CMU SCS Research Facility
Please send requests and problem reports to [EMAIL PROTECTED]
