[EMAIL PROTECTED] (Isaac Hollander) writes:
>I remember several months back there was discussion on info-afs and
>on comp.protocols.kerberos about the API issues involved in writing
>an aklog for kerberos 5. Has anyone gotten ak5log working? Is it
>available by ftp?

Yes, I have got it working, and it is available via Anonymous FTP at
achilles.ctd.anl.gov:/pub/kerberos.v5/*

There you will find a number of diff files including:

  aklog.cdiff.940811 - changes to the aklog program aklog_main.c,
                       aklog_param.c and the Makefile.

  k542.cdiff.940816  - Changes to K5.4.2 of which you need the changes
                       to add debug_decl.c and krb_err_txt.c to the
                       libkrb425.a and changes to krb5_edit.c, and
                       krb524d.c

The following must also be done:

  o You will need to run krb524d on the K5 server.

  o Your AFS cell and Kerberos Realm must have the same name
    (The cell name is lower case and the realm name is upper case.)

  o You need to add afs@realm as a K5 principal with the key and kvno
    that is in the /usr/afs/etc/KeyFile. (Use the modified kdb5_edit.c)

  o Your AFS users should be in the PTS, but don't have to be in the
    Kaserver.

The intent of these changes was to use the V5 protocols, and
the V5 credentials cache, so having done a Kinit for K5 or using
a forwarded ticket, you can get a ticket for afs@realm and
use krb524d to convert it to a K4 ticket which is then converted by aklog
to an AFS token. Note the V4 ticket is not saved. (I also got this to work
with cross realm authentication, and forwarded tickets.)

This version really needs to be cleaned up, since I had to add the
kerberos V4 krb_err_txt.c file for errors. The program should
use the V5 error messages. I told Ted Tytso I would get back to this
but have not found the time.

If you find this useful, drop me a note. I will also
be at Decorum next month.

Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: [EMAIL PROTECTED]