On 8/4/2014 6:38 AM, chas williams - CONTRACTOR wrote:
On Fri, 1 Aug 2014 17:35:15 -0500
Troy Benjegerdes wrote:
The problem with AFS seems to be everyone who knows you need to 'kinit ; aklog'
and it's been so long we have all forgotten the experience of what it was like
before we realized t
On Fri, 1 Aug 2014 17:35:15 -0500
Troy Benjegerdes wrote:
> The problem with AFS seems to be everyone who knows you need to 'kinit ;
> aklog'
> and it's been so long we have all forgotten the experience of what it was like
> before we realized this.
It has been a while but I believe I was told
Troy Benjegerdes wrote:
> The problem with AFS seems to be everyone who knows you need to 'kinit ;
> aklog' and it's been so long we have all forgotten the experience of what it
> was like before we realized this.
If aklog uses add_key(), then request_key() will find that and use it if it's
pres
On Fri, 1 Aug 2014, Troy Benjegerdes wrote:
The problem with AFS seems to be everyone who knows you need to 'kinit ; aklog'
and it's been so long we have all forgotten the experience of what it was like
before we realized this.
Hmm, it is interesting that we don't seem to have heard from any s
On Fri, Aug 01, 2014 at 10:44:29PM +, Brandon Allbery wrote:
> On Fri, 2014-08-01 at 17:35 -0500, Troy Benjegerdes wrote:
> > So why don't we use the kernel keyring on Linux, and the built-in OS support
> > on both MacOS and Windows for Kerberos to grab the key that matches the
> > default rea
On Fri, 2014-08-01 at 17:35 -0500, Troy Benjegerdes wrote:
> So why don't we use the kernel keyring on Linux, and the built-in OS support
> on both MacOS and Windows for Kerberos to grab the key that matches the
> default realm? If you have weird situations, or where administrators feel
> they mu
On Fri, Aug 01, 2014 at 03:15:26PM +0100, David Howells wrote:
> chas williams - CONTRACTOR wrote:
>
> > Not impossible for Linux. I believe that the Linux keyring code
> > allows for down calls from the kernel to user space in order to ask
> > something to insert the appropriate keys (see keys-
chas williams - CONTRACTOR wrote:
> Not impossible for Linux. I believe that the Linux keyring code
> allows for down calls from the kernel to user space in order to ask
> something to insert the appropriate keys (see keys-request-key.txt in
> the Linux kernel).
Yes. request_key() will call ou
On 08/01/2014 01:02 PM, chas williams - CONTRACTOR wrote:
On Thu, 31 Jul 2014 15:29:47 -0500
Andrew Deason wrote:
The first time I heard this I was a bit surprised, but that may be just
because I'm very used to the 'aklog' approach and find it intuitive. You
need to tell the kernel what creden
On Thu, 31 Jul 2014 15:29:47 -0500
Andrew Deason wrote:
> The first time I heard this I was a bit surprised, but that may be just
> because I'm very used to the 'aklog' approach and find it intuitive. You
> need to tell the kernel what credentials you want it to use for AFS
> access; makes sense
On Thursday 31 July 2014 22:29:47 Andrew Deason wrote:
> Hi all,
>
> I've had a few users and administrators complain to me from time to time
> about the existence of 'aklog'. (By 'aklog' I really mean any mechanism
> to convert krb5 tickets to AFS tokens, but I'm referring to them all as
> 'aklog
On Thu, 2014-07-31 at 15:29 -0500, Andrew Deason wrote:
> The alternative is to effectively "guess" what credentials we should
> be
> using, which is what NFSv4 does (rpc.gssd). That is, all you need to
> do
> to authenticate is to run a plain 'kinit' or equivalent (with no
> knowledge of AFS/NFS),
On Linux, we use krb5-auth-dialog with its aklog plugin.
Krb5-auth-dialog auto renews tickets and tokens, which is really nice
(no need to run a separate krenew).
On Mac (and replaced with krb5-auth-dialog for Linux), we use my now
quite old AFSTokens application as an all-in-one app. Like I said,
Hi all,
I've had a few users and administrators complain to me from time to time
about the existence of 'aklog'. (By 'aklog' I really mean any mechanism
to convert krb5 tickets to AFS tokens, but I'm referring to them all as
'aklog' for simplicity.) The need for an AFS-specific authentication
step
14 matches
Mail list logo