We are using the stock AFS 3.5 with the default kaserver
(client
side) on Linux and Solaris. We are moving to AFS home
directories,
and we want to use ssh exclusively for logins.
We used Dug Song's ssh patch w kth4-0.9.9 (can't get kth4-0.10
to work,
although it compiles okay ).
AFS token passing between two clients seems fine, but it seems
to
require /etc/srvtab file and rcmd principal in the ka database
(not
PTDB). Creation of /etc/srvtab file is problematic. ksrvutil in
kth4
distribution appears to generate keys that are different from
those
created by kas create. (Tried all combinations of -r and -c
options in
ksrvutil). Resorted to creating the key with "kas stringtokey,"
inserting the key in kadb with "kas setkey" and creating
/etc/srvtab
"by hand".
Questions :
1) Is what we are doing correct ?
2) Is there a better way to generate /etc/srvtab ?
and/or
3) Is it better to just swap out kaserver with stock MIT Kerberos
4
(long term compatibility, bugs, well supported/used ,etc ?)
or
4) Is it better to just upgrade to MIT Kerberos 5 ?
(Issues with 3 and 4 include support/compatibility with AFS both
short term
and long term.)
or
5) Is it better to just chuck the mess and "upgrade" to DFS ?
Thanks in advance.
--
**************************************************************************
Morris Strongson, RHIC, USAtlas Projects Telephone: (516)344-4192
Information Technology Division (fka CCD) Facsimile: (516)344-7688
Brookhaven National Laboratory Internet: [EMAIL PROTECTED]
Building 515, Upton, NY 11973-5000 WWW: http://www.ccd.bnl.gov/
**************************************************************************
