>Yes it can be done without Kerberos and use X509 certificates >and TLS. GSI implements a GSSAPI mechanism that uses X509 >certificates and TLS to authenticate. The gssklog program on the >client uses the gssapi to authenticate to the gssklogd running on >the AFS database servers. The gssklogd returns an AFS token to the >client.
>gssklog can be used with any GSSAPI SO if you have so other >implementation it should work. It also works with Kerberos GSSAPI >implementations such as MIT, Heimdal, SEAM and Microsoft SSPI. >And it runs on Windows. >So with AFS you don't need a kaserver, but still need the PTS >or some replacement for it. The AFS token is still Kerberos, but the >user never sees this, only the gssklog program which passes it off >to the kernel. >In effect the gssklogd is issuing AFS tokens which are in effect >Kerberos >tickets used internally by AFS only. Thank you, i will see ... Have you see an implementation to use with ldap ... because at ftp://achilles.ctd.anl.gov/pub/DEE/README.GSSKLOG , we can use kerberos but not ldap ... thx in advance Acc�dez au courrier �lectronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34�/mn) ; t�l : 08 92 68 13 50 (0,34�/mn) _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
