Derek T. Yarnell wrote:
Ok, I understand that ever since 1.2.8, openafs understands a new 2b
format token. So my question is this, I currently have 1.2.13 running on
RHEL3, with MIT 1.3.6 as the kerberos servers. I currently use the
pam_krb5afs (or pam_krb5) pam module to authorized via krb5 then
retrieve afs tokens.
What is being done in OpenAFS for Windows with MIT Kerberos for Windows is to use the krb5 ticket directly as the AFS token. This requires no transformation of the Kerberos ticket unlike the use of 2b tokens or Kerberos 4 tokens.
I believe you will need a modified version of aklog or pam_krb5afs to use this functionality on Unix.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
