AIX as a client, login and more
Sensei
senseiwa at tin.it
Wed Apr 13 14:15:01 EDT 2005
Hi.
I'm trying to integrate Kerberos 5 (client) and OpenAFS, on AIX 5.2 ---
I did something, but I'd like to be sure about what I did before
rebooting. I use LDAP for user information (posixAccount, posixGroup).
In methods.cfg I have now:
AFS:
        program = /usr/vice/etc/afs_dynamic_kerbauth

KRB5A:
        program = /usr/lib/security/KRB5A
        options = authonly

KRB5Afiles:
        options = db=LDAP,auth=KRB5A
Then in /etc/security/user now:
SYSTEM="KRB5Afiles OR compat"
In /etc/krb5/krb5.conf I have:
[libdefaults]
        default_realm = CELL.NAME
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
        default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc

[realms]
        CELL.NAME = {
                kdc = krb.cell.name
                kdc = slave.cell.name
                admin_server = krb.cell.name:749
                default_domain = cell.name
        }

[domain_realm]
        .cell.name = CELL.NAME
        cell.name = CELL.NAME

[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        default = FILE:/var/krb5/log/krb5lib.log
That should work. The only issue is about getting tokens. I don't know
if that authenticator works (afs_dynamic_auth works with kaserver) or if
I need to get a Kerberos 4 ticket.
I don't know if I'm missing steps... can anyone help me? Documents on
AIX are not so easy to find.
--
Sensei <mailto:senseiwa at tin.it> <pgp:8998A2DB>
<icqnum:241572242>
<yahoo!:sensei_sen>
<msn-id:sensei_sen at hotmail.com>
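A pre-reboot consistency check for the settings quoted in the message above, as an added example that is not part of the original post or of any AIX tooling: it follows every module named in the SYSTEM line through the methods.cfg stanzas and their db=/auth= options. The function names and the BUILTIN list of names that need no stanza are assumptions of this example, and only the excerpt shown in the post is checked, not the complete file on the machine.

```python
import re

BUILTIN = {"files", "compat", "DCE", "NONE", "BUILTIN"}  # assumed: need no stanza
# The stanzas and SYSTEM line as posted in the message above.
METHODS_CFG = """
AFS:
    program = /usr/vice/etc/afs_dynamic_kerbauth
KRB5A:
    program = /usr/lib/security/KRB5A
    options = authonly
KRB5Afiles:
    options = db=LDAP,auth=KRB5A
"""
SYSTEM = "KRB5Afiles OR compat"

def parse_methods(text):
    """Parse methods.cfg-style stanzas into {name: {attribute: value}}."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):        # blank or comment line
            continue
        if line.endswith(":") and "=" not in line:  # stanza header
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)         # option values keep their '='
            current[key.strip()] = value.strip()
    return stanzas

def system_modules(system):
    """Module names in a SYSTEM string, without AND/OR and [RESULT] tokens."""
    words = re.findall(r"[A-Za-z0-9_]+", re.sub(r"\[[^\]]*\]", " ", system))
    return [w for w in words if w not in ("AND", "OR")]

def check(methods_text, system):
    """Follow every module reference; return (problems, stanzas never reached)."""
    stanzas, problems, seen = parse_methods(methods_text), [], set()
    todo = system_modules(system)
    while todo:
        name = todo.pop(0)
        if name in BUILTIN or name in seen:
            continue
        seen.add(name)
        if name not in stanzas:
            problems.append(f"{name}: referenced but has no stanza")
            continue
        pairs = [o.split("=", 1) for o in stanzas[name].get("options", "").split(",") if "=" in o]
        refs = [v.strip() for k, v in pairs if k.strip() in ("db", "auth")]
        todo.extend(refs)                           # compound modules pull in db=/auth=
    return problems, sorted(set(stanzas) - seen)
```

Calling `check(METHODS_CFG, SYSTEM)` on the excerpt as posted reports that `LDAP` is referenced by `KRB5Afiles` without a stanza in the lines shown, and that the `AFS` stanza is not reachable from the SYSTEM line.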