Steven, you may be able to use the ‘-524’ flag with ‘aklog’ to achieve what you
are asking.
-524
Normally, aklog generates native K5 tokens. This flag tells aklog
to instead use the krb524 translation
service to generate K4 or rxkad2b tokens, which may be necessary for
AFS cells that don't support native K5
tokens. Support for native K5 tokens were added in OpenAFS 1.2.8.
-Brian
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On
Behalf Of Steven Mikes
Sent: Thursday, April 07, 2016 2:00 PM
To: openafs-info@openafs.org
Subject: [OpenAFS] Request for Assistance with OpenAFS
Hi All,
I am attempting to access an AFS cell which I believe is still using Kerberos
V4. Existing machines in the cell use the 'klog' command (klog.krb) to obtain
tokens.
I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how to
authenticate. The /usr/bin/klog in my install is symlinked to
/etc/alternatives/klog, which is itself linked back to /usr/bin/klog.krb5, so
there doesn't see to be a v4 version of the command at all. I know it was
deprecated for security reasons and V5 is the recommended authentication
method, but the cell I need to connect to is still on V4. Is there a way to
configure krb5 so I can obtain tokens? I have tried various options in the
/etc/krb5.conf file with no luck yet. Any help is much appreciated.
-Steven Mikes
