John Hascall wrote:
John Hascall wrote:
Would it work to modify the KDC such that when it hands out
an afs/<cell>@REALM ticket for a TGT with a client name that
is in the sconv table (like my sysadmin/[EMAIL PROTECTED])
that it 'K4-izes' that name (to sysadmin/asw in this case) in the
returned ticket? (Thus obviating the need to futz with the code
on every AFS server.)
Or is that just too hideous?
Sounds like the tail waging the dog. There are KDCs used with AFS
that are not modifiable, and don't support any k4. You don't want to
fiddle with the K5 protocols either. the Its time to get AFS 'k5-izes'.
Yes, it would be lovely if AFS was 100% K5.
The hint was to the AFS developers, that it is time, and some of us
use KDCs that are not modifiable.
(If it was, all this would
already be working!) But, that's not something *I* can make happen.
I can, however, modify my KDC. And I'm not sure why I would
(a) care about KDCs used with AFS that are not modifiable, or
(b) care about lack of K4 support in the KDC.
Yes you can but then you have a local mod, and eventially AFS will
add the code to support k5 principals.
As Jeff said, aklog -524 would work or if you are still using
gssklog, the gssklogd has a mapping that would also work :-)
(No new work is being done on gssklog.)
You other fix, use single valued principals might be the best bet.
John
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
