On Wednesday, April 27, 2005 04:18:18 PM -0400 Jeffrey Altman <[EMAIL PROTECTED]> wrote:
Raghu S wrote:
Thanks for the response.
We are not using IBM Kerberos. We are just using kaserver authentication. Server (1.2.11) installed on Redhat 3. Windows clients use OpenAFS client 1.3.77 to connect to their file space. Maximum consecutive unsuccessful authentications value is ineffective for Windows users.
Do we have to install MIT Kerberos to resolve this? Do we have to consider using MIT Kerberos because kaserver is going to be discontinued in the near future?
Thanks Raghu
The OpenAFS for Windows authentication to kaserver uses IBM's implementation of Kerberos 4 over UDP. It does not use the kauth (krb4 over rx) implementation.
The key thing here is that the kaserver speaks both straight krb4 and an AFS-specific rx-based authentication protocol. While UNIX clients use the AFS-specific protocol, Windows clients speak essentially unmodified krb4 to the kaserver.
Unfortunately, due to the design of the Kerberos v4 protocol, the kaserver is unable to tell when clients authenticating using krb4 fail because of a bad password. Thus, it cannot update the failed-authentication counter in the authentication database or lock out accounts with too many failed authentications.
-- Jeff
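The behaviour described in the reply above can be modelled in a few lines. This is an added example, not part of the original thread and not OpenAFS or kaserver code: `ToyKDC`, its method names and the hash-based `seal`/`unseal` routines (a stand-in for DES) are all hypothetical. It contrasts a krb4-style request, which names only the principal and is answered with a reply sealed under the user's key, with an exchange where the client must send proof of its key first, so the server can count failures.

```python
import hashlib, hmac, os

def key_from(password):              # stand-in for the real string-to-key function
    return hashlib.sha256(password.encode()).digest()

def seal(key, data):                 # toy authenticated encryption, data <= 32 bytes
    nonce = os.urandom(16)
    stream = hashlib.sha256(key + nonce).digest()
    body = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):               # returns the plaintext, or None if the key is wrong
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(body, stream))

class ToyKDC:
    def __init__(self, users, max_failures=3):
        self.keys = {u: key_from(p) for u, p in users.items()}
        self.failures = dict.fromkeys(users, 0)
        self.max_failures = max_failures

    def locked(self, user):
        return self.failures[user] >= self.max_failures

    def krb4_style(self, user):
        # The request carries no proof of the password. The reply is sealed under
        # the user's key and the server never learns whether it was decrypted.
        return seal(self.keys[user], os.urandom(16))

    def proof_first(self, user, proof):
        # The client sends data sealed under its password-derived key, so a wrong
        # password is visible to the server and can be counted.
        if self.locked(user):
            return None
        if unseal(self.keys[user], proof) is None:
            self.failures[user] += 1
            return None
        self.failures[user] = 0
        return seal(self.keys[user], os.urandom(16))

def client_login(kdc, user, password, proof_first):
    key = key_from(password)
    reply = kdc.proof_first(user, seal(key, b"timestamp")) if proof_first else kdc.krb4_style(user)
    return reply is not None and unseal(key, reply) is not None
```

In the krb4-style path the failed decryption happens only on the client, which is why the failure counter in the model never moves.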
