I'm a little confused about kimpersonate. I realize it's
not OpenAFS code, but maybe someone can explain further:

    kimpersonate -s host/[email protected] \
        -c [email protected] -5

    "will create a Kerberos 5 ticket for [email protected] for
    the host hummel.e.kth.se if there exists a keytab entry
    for it in /etc/krb5.keytab"

So:

    a) Extract the key for afs/OUR.ORG into /etc/krb5.keytab
       once the host was fully secured
    b) kimpersonate -s afs/OUR.ORG -c [email protected] -5
    c) aklog

No?

Can't modern MIT kinit do the same thing?

On 12/30/2010 4:00 PM, Jeff Blaine wrote:

Thanks for all of the replies.

I would like to document the various methods as I am investigating
this.

From Samba 3.5.6 configure:

--with-afs

    Kerberos v4 auth via native AFS libs.
    Requires cleartext SMB password.
    Useful, albeit insecure, no less than 5+ years ago.

--with-fake-kaserver

    What the heck is this? I know what fakeka is. I don't
    know enough to make sense of the spots where I find
    WITH_FAKE_KASERVER defined in the Samba source.

    Is this support for authenticating only to a fakeka, which
    as I understand it would gain you Kerberos v5 using crappy
    old enctypes?

    If so, that would mean it's useless for those not running
    (or wanting to run) fakeka. We don't.

kimpersonate

    Haven't even looked into it yet. Will, and will doc.

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info