avison48 wrote: > Greetings all, > > Couple questions to clarify, in learning about two very different AFS > contexts (old = IBM/TA 3.5 Win2K, new = OpenAFS RHEL4.5) > > I think this is true - with OpenAFS, there are AFS accounts & Kerberos > principals (entities/accounts so to speak) but only the Kerberos one has a > password. > Is that Correct? > > (That is the opposite of our current sytem where AFS accounts have nothing > to do with Kerberos AFACT - ) > > > Is this true: an OpenAFS "account" (made with pts createuser) can't > authenticate to AFS (that is to be able to use AFS dataspace) without a > Kerberos principal. Or if it can, how ? > > > Thank you! > It's coming along thanks to the kind help of people here!
pts createuser creates a mapping between an authenticated name and a numeric ID value assigned to a user. There is no authentication information provided there. The authentication either comes from the AFS kaserver (which is a variation on a Kerberos v4 KDC) or a native Kerberos realm. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
