What is needed to run Arla under FreeBSD 3.1?
Jeffrey Hutzelman
jhutz+ at cmu.edu
Mon Apr 19 17:56:45 CEST 1999
> In message <5lk8vceusk.fsf at assaris.sics.se>, assar at stacken.kth.se writes:
> +-----
> | Randy Philipp <randy at umbc.edu> writes:
> | > How would one integrate arla into a Krb5/AFS environment?
> |
> | It shouldn't be any different from a Transarc client (as Love already
> | told you). And the common way of doing this is to use a 5-to-4
> | translator which would allow you to get a v4 ticket for `afs' from
> | your v5 KDC and then stuff that into the kernel. This is the way that
> | `kauth' from heimdal <http://www.pdc.kth.se/heimdal> works. I believe
> | there are similar ways of doing it with MIT krb5 (possibly with the
> | AFS-KRB5 kit).
> +--->8
>
> You have to build krb524d and krb524init with MIT Krb5. Note that krb524d
> is rather delicate (as of 1.0.5); it falls over whenever the KDC is locked
> for an update, so you pretty much have to run it from a shell script that
> respawns it automatically. Once you have this converted v4 ticket you can
> use aklog to stuff it into the kernel.
>
> The AFS-KRB5 patches make this semi-automatic based on entries in
> /etc/krb5.conf.
>
> That said, it's ugly. Then again, the equivalent "semi-automated" code
> doesn't appear to have made it into heimdal yet... but a heimdal KDC can
> run in Krb4 mode, and it looks like KTH krb4 will talk to it fairly well
> (not tested with recent Heimdal, hopefully that happens next week :-)
It's worth noting that the MIT KDC also responds to V4 requests - we've
been running that way for something like 2 years now with no problems.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA