Steven Jenkins wrote:
Note that using klog + kaserver is one option, and that using kadmin and aklog is a different option -- you can't mix the two.
Actually you can in some situations, and is one conversion strategy, which we have used. It requires the AFS server's KeyFile to have two keys one from the kaserver and a second key from the K5 KDC with a different kvno. The user names have to be equivalent, or exist in only one or the other. In ours case the K5 realm name matches the cell name, making it simpler. Users could then use either klog or aklog if they had principals in both the kaserver and the K5 realm. But the passwords are not synced. As users convert to K5 the kaserver entries can be deleted.
As you discovered via googling, it's recommended that you use an external Kerberos infrastructure rather than klog + kaserver.
-- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
