Re: afs-krb5 integration

2002-10-22 Thread Ken Hornstein
>Will pure V5 work with AFS, once implementation of all this new >stuff is nailed down? Am I right that the classic krb524d AFS >support depends on V4 keys in the V5 KDC? Actually, you don't need _any_ V4 or AFS keys to make krb524d work. Note that a "V4" key or an "AFS" key is a misnomer ... wh

Re: afs-krb5 integration

2002-10-22 Thread Donn Cave
Quoth [EMAIL PROTECTED] (Sam Hartman): |> "Josh" == Josh Huber <[EMAIL PROTECTED]> writes: ... | Josh> I like the thought of more integration of AFS and krb5. | | Not surprisingly those of us who worked on this proposal had similar | motivations. Excellent. I'm encouraged enough by all th

Re: afs-krb5 integration

2002-10-22 Thread Sam Hartman
> "Josh" == Josh Huber <[EMAIL PROTECTED]> writes: Josh> Now, I looked at the release notes for OpenAFS 1.2.7, and it Josh> didn't mention anything like this feature -- what version of Josh> OpenAFS supports this new token format? Someone had to come first in supporting this f

Re: afs-krb5 integration

2002-10-22 Thread Josh Huber
Sam Hartman <[EMAIL PROTECTED]> writes: > Except that your info is out of date. Quoting the 1.2.6 README: > [...] This is good information. Helped me fix this exact problem last night when I upgraded my KDC. Now, I looked at the release notes for OpenAFS 1.2.7, and it didn't mention anything

Re: afs-krb5 integration

2002-10-18 Thread Cesar Garcia
We haven't had problems with it. We've only recently started rolling out OpenAFS. > "Klaas" == Klaas Hagemann <[EMAIL PROTECTED]> writes: Klaas> Hi Cesar, thanks for your quick help. I supposed, I would Klaas> have searched a long time for this bug. But with your Klaas> patch, the krb5

Re: afs-krb5 integration

2002-10-18 Thread Sam Hartman
> "Klaas" == Klaas Hagemann <[EMAIL PROTECTED]> writes: Klaas> Hi, concerning the documentation, I have to add a pam_afs Klaas> entry in the appdefaults-section of the krb5.conf file Klaas> (src/krb524d/README). My question: Do I only have to Klaas> change the krb5.conf on th

Re: afs-krb5 integration

2002-10-18 Thread Ken Hornstein
>thanks for your quick help. >I supposed, I would have searched a long time for this bug. >But with your patch, the krb524d works good together with openafs? The thing is (which is why I asked Cesar about it), we (and about a dozen other people that I know) have been running without this patc

Re: afs-krb5 integration

2002-10-18 Thread Klaas Hagemann
"Ken Hornstein" <[EMAIL PROTECTED]> To: "Cesar Garcia" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, October 18, 2002 5:53 AM Subject: Re: afs-krb5 integration > >There is also a bug in krb524d that does not set the kvno on the > >returned

Re: afs-krb5 integration

2002-10-17 Thread Cesar Garcia
Not sure - I'm not exactly an AFS subject matter expert and I haven't seen the AFS code that implements the key retrieval (from KeyFile) and token validation. When I first started looking at MIT's krb524, this was the first problem we saw. [the 524 client setting the lifetimes incorrectly was the

Re: afs-krb5 integration

2002-10-17 Thread Ken Hornstein
>There is also a bug in krb524d that does not set the kvno on the >returned V4 ticket. Here's a patch: Interesting ... so what triggers this? I mean, it seems to work in normal circumstances ... --Ken Kerberos mailing list [EMAIL PROTECT

Re: afs-krb5 integration

2002-10-17 Thread Ken Hornstein
>Except that your info is out of date. Quoting the 1.2.6 README: I _did_ say, "the only one I've ever seen", thankyouverymuch. --Ken Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos

Re: afs-krb5 integration

2002-10-17 Thread Sam Hartman
> "Ken" == Ken Hornstein <[EMAIL PROTECTED]> writes: >> I have strange problems in integrating openafs into krb5. I >> use openafs 1.2.7 and kerberos 1.2.6 for the slave-server and >> 1.2.4 for the kerberos master/admin server. I checked >> everything with these key-versions

Re: afs-krb5 integration

2002-10-17 Thread Klaas Hagemann
> At the end of the day, there is a ticket in a Keyfile that does not agree > with the service ticket stored in your KDC. This is the ONLY possible > cause of this error (at least, the only one I've ever seen). That is not the problem I meant. It works fine with my krb5-1.2.4 kerberos master serv

Re: afs-krb5 integration

2002-10-17 Thread Cesar Garcia
There is also a bug in krb524d that does not set the kvno on the returned V4 ticket. Here's a patch: $ diff -c krb524d.c.orig krb524d.c *** krb524d.c.orig Thu Oct 17 13:37:30 2002 --- krb524d.c Thu Oct 17 13:39:55 2002 *** *** 412,418 memset (key, 0, sizeof (*

Re: afs-krb5 integration

2002-10-17 Thread Ken Hornstein
>I have strange problems in integrating openafs into krb5. >I use openafs 1.2.7 and kerberos 1.2.6 for the slave-server and 1.2.4 for >the kerberos master/admin server. >I checked everything with these key-versions (thanks to Derek on the openafs >mailing list), but it did not help. >I always get "t

afs-krb5 integration

2002-10-17 Thread Klaas Hagemann
Hi, I have strange problems in integrating openafs into krb5. I use openafs 1.2.7 and kerberos 1.2.6 for the slave-server and 1.2.4 for the kerberos master/admin server. I checked everything with these key-versions (thanks to Derek on the openafs mailing list), but it did not help. I always get "ti