[8561] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

Re: [OpenAFS] OpenAFS Project List

daemon@ATHENA.MIT.EDU (Derrick J Brashear)
Wed Mar 14 10:32:39 2001

Date: Wed, 14 Mar 2001 10:27:12 -0500 (EST)
From: Derrick J Brashear <shadow@dementia.org>
To: info-afs@transarc.com
cc: openafs-info@openafs.org
In-Reply-To: <Pine.GSO.4.10.10103140921400.3219-100000@titan.physics.unc.edu>
Message-ID: <Pine.LNX.3.96L.1010314102521.11871T-100000@scully.andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 14 Mar 2001, Stephen Joyce wrote:

> has significant security problems--fixed in the newest versions.  (We also
> have an issue where Windows clients fail miserably when authenticating
> against our krb5-bastardized AFS cell, but the lack of discussion of this
> issue leads me to believe that this is either a local problem or else very
> few sites are actively using the migration kit).

You need to make sure that in addition to the afs3 keys you have, that you
also have krb5-salted keys in your database, because that's what Windows
expects to see. I know this works correctly with Heimdal, because we're
using that for a KDC with krb4-salted and krb5-salted keys (we moved our
AFS cell to krb4-salted keys several years ago)

-D



home help back first fref pref prev next nref lref last post