Michael Norwick wrote:
Please forgive my ignorance. I have rtfm'd and googled. I have OpenAFS 1.3.81 loaded and working on 2 servers on FC3 using a locally built system from source (not RPM's). I also have Kerberos5 krb5-1.4.1 up and working on these same servers, one master, one slave, also locally built from source. My clients can klog OR kinit to any machine on the network and authenticate and access files in OpenAFS volumes in my local cell. Until I have authentication working properly I do not let them venture out into the greater world. My questions are as follows:
1. How do I get one key/token for the client. When building krb5 I did not enable V4 authentication heeding MIT's advice to move to krb5.
Krb5 builds with k4 compatability by default. You can enable or disable K4 in kdc.conf
I have made several attempts to build Ken H's 2.0 migration kit to get aklog and asetkey but so far have failed with well documented make errors (but little documented solutions). And looking at the source for krb5-1.4.1 and OpenAFS-1.3.81, I should be able to use fakeka to grant tokens to OpenAFS.
Yes Fakeka runs in the place of kaserver. What are your make errors?
2. When I do eventually open up access from my local cell to the world would it be advisable to have krb425 in order to
authenticate against way older servers?
3. In any event what is the proper appdefaults section krb5.conf notation for a krb5 kdc and OpenAFS 1.3.81?
4. How do I use fakeka?
Fakeka runs in the place of kaserver: /usr/local/sbin/fakeka &
Any references, links and patience are greatly appreciated.
Michael _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
-- Steve Devine Storage Systems Academic Computing & Network Services Michigan State University
301 Computer Center East Lansing, MI 48824-1042 1-517-432-7327
Baseball is ninety percent mental; the other half is physical. - Yogi Berra
_______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
