What is needed to run Arla under FreeBSD 3.1?

[Brandon S. Allbery KF8NH]

In message <5lk8vceusk.fsf at assaris.sics.se>, assar at stacken.kth.se writes:
+-----
| Randy Philipp <randy at umbc.edu> writes:
| > 	How would on intergrate arla into a Krb5/AFS environment?
| 
| It shouldn't be any different from a Transarc client (as Love already
| told you).  And the common way of doing this is to use a 5-to-4
| translator which would allow you to get a v4 ticket for `afs' from
| your v5 KDC and then stuff that into the kernel.  This is the way that
| `kauth' from heimdal <http://www.pdc.kth.se/heimdal> works.  I believe
| there are similar ways of doing it with MIT krb5 (possibly with the
| AFS-KRB5 kit).
+--->8

You have to build krb524d and krb524init with MIT Krb5.  Note that krb524d is
rather delicate (as of 1.0.5); it falls over whenever the KDC is locked for
an update, so you pretty much have to run it from a shell script that
respawns it automatically.  Once you have this converted v4 ticket you can
use aklog to stuff it into the kernel.

The AFS-KRB5 patches make this semi-automatic based on entries in
/etc/krb5.conf.

That said, it's ugly.  Then again, the equivalent "semi-automated" code
doean't appear to have made it into heimdal yet... but a heimdal KDC can run
in Krb4 mode, and it looks like KTH krb4 will talk to it fairly well (not
tested with recent Heimdal, hopefully that happens next week :-)

-- 
brandon s. allbery	[os/2][linux][solaris][japh]	 allbery at kf8nh.apk.net
system administrator	     [WAY too many hats]	   allbery at ece.cmu.edu
carnegie mellon / electrical and computer engineering			 KF8NH
     We are Linux. Resistance is an indication that you missed the point.