Joe Ramus wrote:
> Has anyone developed a single tool that will take a Kerberos 5
> ticket and create an AFS token?

"Rainer TOBBICKE (CN)" <[EMAIL PROTECTED]>
asked a similar question: given a DCE ticket, get an AFS token.

In AFS 3.3a there is a command called "dlog". I was under the impression
that it was used to get an AFS token from a DCE security server.
(I assume it is using the DCE RPCs, and not the Kerberos udp/88)
Hopefully it does not require the AFS/DFS Migration kit.

I have not found any man page on it yet.
The dlog -help shows:

Usage: dlog [-principal <user name>] [-cell <cell name>]
            [-password <user's password>]
            [-servers <explicit list of servers>+]
            [-lifetime <ticket lifetime in hh[:mm]>]
            [-setpag] [-pipe] [-help]

This looks very similar to the klog command.

I would like to be able to implement DCE by first bringing up
the DCE security server, and have it issue tickets
for my AFS cell which will be running in parallel. We would then
convert over all the user entries in the kaserver, and eventually
turn off the kaserver. Only then would I start to convert the AFS
data to DFS.

It looks like the dlog command would fit right in with this plan,
and would simplify the conversion by not having to have an aklog
type command.

Transarc,
Where is the man page for the dlog command?

As part of the Cross Realm Authentication project, we developed
an aklog which used the K5.4.2 KDC to get a K5 ticket for AFS,
then used krb524 to convert it to an AFS token. We were also able
to use a forwarded K5 ticket to get an AFS token. An additional project
which Joe, myself and others are working on is to use the DCE
security server as the K5 KDC. We have had some success. One of the
next steps is to try the modified aklog with a krb524d and the afs
principal in the DCE security server. I am waiting for the Kerberos
5.5 which is due out this month before testing this.
This should address Rainer Tobbicke's question.

If anyone is interested in this, drop me a note.


           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439
           (708) 252-5444

           Internet: [EMAIL PROTECTED]
