hello,
Is there a doc/guideline that explains how to set up kerberos5 so that
it works with OpenAFS ? (I am looking for something like , do this that
and than this.. tada; done) That way I don't have to experiment and
run into surprises later.
thanks,
Ron
--
Ron Croonenberg wrote:
hello,
Is there a doc/guideline that explains how to set up kerberos5 so that
it works with OpenAFS ? (I am looking for something like , do this that
and than this.. tada; done) That way I don't have to experiment and
run into surprises later.
thanks,
Ron
I
There is some doc up at
http://www.dementia.org/twiki/bin/view/AFSLore/KerberosV ; I do
remember seeing a step by step guide at some point; googling might
find it.
AFAIK there is no real tie in between OpenAFS/KerberosV and LDAP - AFS
keeps track of its own groups and other directory information
I just want to know that how openafs work in a network where kerberos and ldap
reside. are there any web sides that demonstrate it all operations step by
step.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
I'd like to register for the conference, but the credit card payment
page is not SSL encrypted...
--
Robert Petkus
Brookhaven National Laboratory
Physics Dept. - Bldg. 510A
Upton, New York 11973
Tel. : +1 (631) 344 3258
Fax. : +1 (631) 344 7616
http://www.bnl.gov/RHIC
Well, the frame is https (https://acis.as.cmu.edu/cc/gather_info.cgi) --
still, probably a good idea to fix this.
Robert
Robert Petkus wrote:
I'd like to register for the conference, but the credit card payment
page is not SSL encrypted...
___
Sadly, the page used [from acis.as.cmu.edu] is out of our control. I
can complain to CMU about it, but who knows what will happen.
[The info for the page does claim that it is AES-256 256 bit
encrypted, if that means anything.]
On 5/11/06, Robert Petkus [EMAIL PROTECTED] wrote:
Well, the
Anyone know the status of this years workshop? I'd like to know the price
and how to register. The website is a bit lacking in that area.
Rodney
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
On 5/2/06, Rodney M Dyer [EMAIL PROTECTED] wrote:
Anyone know the status of this years workshop? I'd like to know the price
and how to register. The website is a bit lacking in that area.
That's my favorite thing about you, Rodney, your undending patience :-P.
Registration will be up in a
Hallo,
i want to replace the OpenAFS authentication with kerberos, do i have to
rebuild the source ? i installed the rpm packages
Danke...
Amir Saad
Informatik Ingenieur
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
On Wednesday, November 23, 2005 10:23:25 AM -0800 Russ Allbery
[EMAIL PROTECTED] wrote:
Jim Rees [EMAIL PROTECTED] writes:
What bothers me is that you can't delegate credentials unless you have
used those credentials for login.
The OpenSSH folks consider this to be a security
The solution to 1) :
Have the 'authorized_keys' file in another subdir
(say $HOME/public/ ) with acl system:anyuser rl and patch
auth.c + auth-rsa.c to additionally look there (if not root).
The afstokenpassing is still needed.
Best regards / Mit freundlichem Gruss
Rainer Laatsch
Forgive me asking this question here, though it is related to
OpenAFS only indirectly.
For a long time we were using patched openssh to transfer AFS
authentication between machines. This involved using a local
patch, which we maintained up to 3.7.1, and transferred AFS
tokens using ssh protocol
Am Mittwoch, 23. November 2005 16:09 schrieb ext Dr A V Le Blanc:
(1) It won't allow a user whose home directory is in AFS to
authenticate using ssh keys, even if he has Kerberos
tickets to transfer.
Should work if the ssh key is stored in LDAP.
Bye...
Dirk
--
Dirk
(1) It won't allow a user whose home directory is in AFS to
authenticate using ssh keys, even if he has Kerberos
tickets to transfer.
You can fix this by setting StrictModes no in your sshd_config.
What bothers me is that you can't delegate credentials unless you have used
those
* Dr A V Le Blanc [2005-11-23 15:09:33 +]:
The GSSAPI support in the recently released openssh 4.2 appears
mostly to do what we need: with proper configuration, an ordinary
user can pass Kerberos tickets to a remote machine, where a PAM
module gets tokens using aklog. So far as I can see,
A V Le Blanc [EMAIL PROTECTED] writes:
When we upgraded from using the kaserver to using Heimdal, we
could use the Kerberos support patched into openssh 3.8.1
in the Debian ssh-krb5 package. This package is rather buggy
and not actively maintained, but it seemed an adequate interim
measure
Jim Rees [EMAIL PROTECTED] writes:
What bothers me is that you can't delegate credentials unless you have
used those credentials for login.
The OpenSSH folks consider this to be a security requirement, although I
don't really understand why.
--
Russ Allbery ([EMAIL PROTECTED])
Why not using solely ssh?
Mit freundlichem Gruss
Rainer Laatsch
__
E-mail: [EMAIL PROTECTED] Universitaet zu Koeln
Reg. Rechenzentrum (ZAIK/RRZK)
Fax : (0221) 478-5590
I've recently tampered with krshd, login.krb5, and telnetd source code,
successfully making it to obtain afs-tokens.
Obviously, krshd and telnetd do this after (and if) the user has
forwarded her credentials on the daemon's side.
I can't guarantee any quality on the way i did this, but it's usable
On Mon, 10 Oct 2005 17:32:33 +0200 (MEST), R.Laatsch
[EMAIL PROTECTED] said:
Why not using solely ssh?
Mit freundlichem Gruss
Rainer Laatsch
__
E-mail: [EMAIL PROTECTED]Universitaet zu Koeln
21 matches
Mail list logo