Coy Hile wrote:

On Mon, 19 Sep 2005, Douglas E. Engert wrote:


Date: Mon, 19 Sep 2005 15:13:00 -0500
From: Douglas E. Engert <[EMAIL PROTECTED]>
To: Coy Hile <[EMAIL PROTECTED]>
Cc: [email protected]
Subject: Re: [OpenAFS] Installing 1.4.0RC4 to use SEAM Krb5

Also as said, I was using gssklog, that uses a standard API that does
not have these problems.

I build from AFS, and $K5BUILD points into our cell where these
were at. $SYS is in effect @sys, i.e. sysname of sun4x_510



Let me pose another question.  Let's assume that I have my PAM stack
set up like you mentioned in your first mail (and end up using gssklog
to do the krb5 to OpenAFS token stuff).  In initializing the first machine
in my cell, what (if any) modifications do I need to make to the
instructions given here

http://www.openafs.org/pages/doc/QuickStartUnix/auqbg005.htm#HDRWQ50


The trick here is that all the AFS servers use the /usr/afs/etc/KeyFile.
(check the name of this file.) This contains a DES key and kvno that matches
the [EMAIL PROTECTED] and/or afs/[EMAIL PROTECTED] principals in the KRB5
realm.  See recent mail archives on how to set this key.

In effect the token is encrypted in this key, and the AFS servers encrypt
traffic among themselves using this key from the KeyFile.

under the sections "Starting the Database server processes",
"initializing cell security" and "starting the fileserver, Volume
Server and Salvager" to ensure that my krb5 installation is used
for authentication and authorization? Unless I am misunderstanding
setting up the cell security, some non-krb5 password ends up getting
used for auth.

Apologies for the inane questions, but parts of this take a while to
get one's head around the first time.


Having used AFS in conjunction with KRB5 for years, it appears obvious,
but to a newcomer, these steps should be documented. (It may already be.
I have not looked.)


--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444