Steven, you may be able to use the ‘-524’ flag with ‘aklog’ to achieve what you are asking.
-524 Normally, aklog generates native K5 tokens. This flag tells aklog to instead use the krb524 translation service to generate K4 or rxkad2b tokens, which may be necessary for AFS cells that don't support native K5 tokens. Support for native K5 tokens were added in OpenAFS 1.2.8. -Brian From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Steven Mikes Sent: Thursday, April 07, 2016 2:00 PM To: openafs-info@openafs.org Subject: [OpenAFS] Request for Assistance with OpenAFS Hi All, I am attempting to access an AFS cell which I believe is still using Kerberos V4. Existing machines in the cell use the 'klog' command (klog.krb) to obtain tokens. I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how to authenticate. The /usr/bin/klog in my install is symlinked to /etc/alternatives/klog, which is itself linked back to /usr/bin/klog.krb5, so there doesn't see to be a v4 version of the command at all. I know it was deprecated for security reasons and V5 is the recommended authentication method, but the cell I need to connect to is still on V4. Is there a way to configure krb5 so I can obtain tokens? I have tried various options in the /etc/krb5.conf file with no luck yet. Any help is much appreciated. -Steven Mikes