[4676] in Kerberos

home help back first fref pref prev next nref lref last post

Re: MIT Krb V/IV and AFS Krb

daemon@ATHENA.MIT.EDU (Doug)
Thu Feb 23 12:38:36 1995

Date: Thu, 23 Feb 95 11:21:46 CST
From: "Doug" <Engert@anl.gov>
To: <KERBEROS@MIT.EDU>

In response to a recent inquiry about Kerberos and AFS:


We have been using MIT clients with the AFS Kaserver as the KDC.
We run a modified version of the kadmind which issues "kas
setkey" commands to update kaservers database with keys generated
from the MIT string_to_key routine. Note that klog will accept
either. We use the unmodified aklog program as well.

We have also been involved with a DOE ESnet Authentication
Project and have modified the MIT aklog to use the Kerberos V5
protocols to obtain a K5 ticket for AFS from the K5 KDC. We were
using K5 Beta4 release 2. It then uses the krb524 routines to
contact the krb524d daemon. The returned K4 ticket is converted
to an AFS token and stuffed in the kernel. This removes the need
to have any other K4 code on the client, and allows forwarded K5
tickets to be used to obtain an AFS token. (The code still needs
some work, since it is using the Krb425 routines and should call
the K5 routines directly.)

Our next step is to try using the MIT K5 clients with the OSF/DCE
security server, and use the modified aklog program to get AFS
tokens. (But AFS 3.3 has a "dlog" program which may do the same
thing.)

You can find diff files for these changes via anonymous FTP:
ftp://achilles.ctd.anl.gov/pub/kerberos.v4/* and kerberos.v5/*


The Authentication Report can be found at:
 WWW:
  http://www.es.net/pub/esnet-doc/auth-and-security/auth-pilot-report.ps

 Gopher:
  gopher://gopher.es.net/00/pub/esnet-doc/auth-and-security/
                                                    auth-pilot-report.ps

 Anonymous FTP:
  ftp://ftp.es.net/pub/esnet-doc/auth-and-security/auth-pilot-report.ps

 AFS:
  /afs/es.net/nic/pub/esnet-doc/auth-and-security/auth-pilot-report.ps

 Read-Only NFS:
  nfs.es.net:/esnet-nic/pub/esnet-doc/auth-and-security/
                                                    auth-pilot-report.ps

 DECnet Copy:
  esnic::esnet-doc/auth-and-security/auth-pilot-report.ps

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439
           (708) 252-5444

           Internet: DEEngert@anl.gov
home help back first fref pref prev next nref lref last post