Yes I have the openafs-krb5 package. Should I try removing that one? Unfortunately the IT infrastructure in question is far outside of my influence, so it is what it is. Brian, I'm not sure what the kerberos realm would be in this case. Did AFS with kerb V4 use them at all? klist from an existing cell machine returns: klist: No credentials cache found (ticket cache FILE:)
On Thu, Apr 7, 2016 at 2:46 PM, Benjamin Kaduk <[email protected]> wrote: > On Thu, 7 Apr 2016, Steven Mikes wrote: > > > Hi All, > > I am attempting to access an AFS cell which I believe is still using > > Kerberos V4. Existing machines in the cell use the 'klog' command > > (klog.krb) to obtain tokens. > > I'm running Ubuntu 14.04.2 with openAFS 1.6.17, and cannot figure out how > > to authenticate. The /usr/bin/klog in my install is symlinked to > > /etc/alternatives/klog, which is itself linked back to > /usr/bin/klog.krb5, > > so there doesn't see to be a v4 version of the command at all. I know it > > was deprecated for security reasons and V5 is the recommended > > authentication method, but the cell I need to connect to is still on V4. > Is > > there a way to configure krb5 so I can obtain tokens? I have tried > various > > options in the /etc/krb5.conf file with no luck yet. Any help is much > > appreciated. > > Sounds like you have the openafs-krb5 package installed ... but I really > would recommend updating your infrastructure instead of removing that > package; Kerberos 4 provides no real security. > > -Ben > -- *Steven Mikes* Integrated Circuit Designer Global Foundries
