Dear AFS users, I am trying to migrate our AFS to Kerberos 5 Authentication. The intention is to use a W2k KDC for AFS authentication. The problem is that I haven't been able to find any concise documentation about the procedure to acomplish either of these two tasks.
1) All available documentation and posts imply that I should be using krb5 kinit in conjuction with aklog, or the modified klogin/kinit in afs-krb5 package to obtain AFS tokens. We use pam_afs to obtain tokens in our current installation. Is it able to accomplish this task? It seems that pam_krb5 alone wouldn't be enough. Has anybody did it? We need to authenticate Linux, Solaris, HP-UX and Windows clients. I have found Doug Engert's GSSKLOG. At first look, it seems like it can be help on this. 2) Trying to compile the latest NRL AFS-Kerberos 5 migration kit, obtained from grand.central.org, the monster patch does not apply cleanly to none of the MIT krb5 packages I have been able to find. It also seems that it applies only to krb5 1.2.7. kerberos 5 1.2.8 though, includes some very important security fixes. How important is the monster-patch for correct operation of AFS with krb5? Has the monster-patch been ported to 1.2.8? 3) Assuming I can finally get AFS to work with krb5, how can I authenticate from a W2k KDC? Can krb524d be used to authenticate against a w2k KDC, or I need two KDCs and cross-realm authentication? Are there any documents detailing the necessary steps? Thank you very much, -- Christos Ricudis [EMAIL PROTECTED] Systems Administrator +30-2310-998305 IT Support Center Aristotles University of Thessaloniki, GREECE _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
