Hello,
While probably not the case, I can only hope that the exclusion of the tools
is because they want to do a better job of interoperating with the KDC.
In my opinion that would mean dropping the need for aklog and asetkey.
After all, aklog is basically a second authentication. Why can't the
authentication take place the same way as, say, using an IMAP server? You
access the server (cd to /afs) and get asked for your credentials. Since
you, hopefully, have a TGT already from logging in, you should be good to go.
This whole concept is pretty old in Internet time; it's called single sign-on.
And asetkey simply puts the principal afs into a keyfile that afs knows how
to read. Well, make afs read the Kerberos key file where it is, as it is.
Sadly, both are easier said than done. However, this makes the two tools
unnecessary. But I'm guessing none of this will happen soon. And a more
likely reason they aren't included now is probably because no one's
gotten a round tuit yet. :)
Regards,
Earl Shannon
Timothy G. Flynn wrote:
Hello,
The announcement for openafs-1.4.0rc1 contains the following
statement:
"This release allows all Kerberos 5 KDCs including Microsoft Active
Directory to be the source of AFS client authentication."
While I have been able to get this working (without using krb524d)
doing so required using two tools which are not readily provided by
the openafs source distribution: aklog and asetkey. aklog is
included in openafs-1.4 but is not installed even when the source
distribution has been configured with the --with-krb5 (or
--with-krb5-conf) option. asetkey is not included with openafs and
must be installed from a separate package.
Is there another procedure for configuring krb5 authentication that
does not require these tools? If so, I have found no information on
the web concerning it.
If not, would it not be advisable to distribute the required tools
with openafs given that most new installations are likely to want to
use krb5 authentication?
This post refers to my experience with RC3. If these issues have
been addressed in RC4, which I have not yet installed, my apologies.
Thanks,
Tim Flynn
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info