On Thu, 2003-06-05 at 14:42, Ken Hornstein wrote: > > In theory, if you're running a new enough OpenAFS (1.2.9 or greater), > you could modify aklog to simply store the V5 Kerberos ticket and > single-DES session key in the credential cache, instead of going through > the 524 translator. That falls under the "advanced topics" heading, and > if you're having trouble getting krb524d running then it may not be > for you.
I am running the latest version of OpenAFS -- 1.2.9. How sould I do this -- or has someone done this already ? > > One thing occurs to me ... you said you tried to get krb524d working with > a keytab. You _do_ know that once you extract the key into the keytab, > you need to then store that new key on the AFS fileservers, right? Let me explain that a bit further: Penn has a kerberos system, and I am able to addprinc, delprinc, etc on that. The server that is the kdc does not have a krb524d running. Now, on the machine that I am attempting to setup OpenAFS on, I used ktadd to add the keys for afs & afsadmin to /etc/krb5.keytab, and started 'krb524d -k' on the OpenAFS server. I modified krb5.conf to tell it that there is now a krb524_server and a new kdc on the OpenAFS server. I then used kinit to get a ticket for afsadmin, and then tried using aklog -- but aklog fails. -- Nicholas Henke Penguin Herder & Linux Cluster System Programmer Liniac Project - Univ. of Pennsylvania _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
