Ok, I understand that ever since 1.2.8, openafs understands a new 2b
format token. So my question is this, I currently have 1.2.13 running on
RHEL3, with MIT 1.3.6 as the kerberos servers. I currently use the
pam_krb5afs (or pam_krb5) pam module to authorized via krb5 then
retrieve afs tokens.
--- krb5.conf
[pam]
forwardable = true
krb4_convert = true
addressless = true
afs_cells = csic.umd.edu
---
Obviously this converts the krb5 ticket to a v4 then it grabs a token:
[EMAIL PROTECTED]:~> klist
Ticket cache: FILE:/tmp/krb5cc_2174_1EkqYC
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
03/04/05 11:02:32 03/04/05 21:02:03 krbtgt/[EMAIL PROTECTED]
renew until 03/04/05 11:02:32
Kerberos 4 ticket cache: /tmp/tkt2174_sH1AbO
Principal: [EMAIL PROTECTED]
Issued Expires Principal
03/04/05 11:02:32 03/04/05 20:57:32 [EMAIL PROTECTED]
03/04/05 11:02:08 03/04/05 21:02:08 [EMAIL PROTECTED]
[EMAIL PROTECTED]:~> tokens
Tokens held by the Cache Manager:
User's (AFS ID 2174) tokens for [EMAIL PROTECTED] [Expires Mar 4 21:02]
--End of list--
Now, my question is this. How do I get it to just grab 2b tokens? Never
getting a v4 principal or token? How are people doing this? Can it be
done with the pam_krb5afs module? or something else?
Thanks
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
