Derrick Brashear wrote:
On Dec 3, 2007 10:16 AM, Jeff Blaine <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
I'm trying to deduce the depth of effect from building
OpenAFS client tarballs with '--with-krb5-conf=...'
During our transition to krb5 auth, I'd like our clients
to have an OpenAFS allowing kaserver auth, but I obviously
want aklog in place for those willing to test krb5 + aklog.
Can anyone save me some testing time and comment on the
fesibility of that?
3 choices:
krb5kdc with fakeka (if mit) or with kaserver-compat enabled (if
heimdal) in place of kaserver
or
sync the key key between the kaserver and the krb5kdc
or
different realm name for krb5 and kaserver, and 2 keys (with different
kvnos) on all the afs servers.
Realm names can be the same. Just make sure kvnos are different.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
