AIX as a client, login and more

Sensei senseiwa at tin.it
Wed Apr 13 14:15:01 EDT 2005


Hi.

I'm trying to integrate Kerberos 5 (client) and OpenAFS, on AIX 5.2 --- 
I did something, but I'd like to be sure about what I did before 
rebooting. I use LDAP for user information (posixAccount, posixGroup).

In methods.cfg I have now:

AFS:
	program = /usr/vice/etc/afs_dynamic_kerbauth

KRB5A:
	program = /usr/lib/security/KRB5A
	options = authonly

KRB5Afiles:
	options = db=LDAP,auth=KRB5A


Then in /etc/security/user now:

SYSTEM="KRB5Afiles OR compat"


In /etc/krb5/krb5.conf I have:

[libdefaults]
         default_realm = CELL.NAME
         default_keytab_name = FILE:/etc/krb5/krb5.keytab
         default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
         default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc

[realms]
         CELL.NAME = {
                 kdc = krb.cell.name
                 kdc = slave.cell.name
                 admin_server = krb.cell.name:749
                 default_domain = cell.name
         }

[domain_realm]
         .cell.name = CELL.NAME
         cell.name = CELL.NAME

[logging]
         kdc = FILE:/var/krb5/log/krb5kdc.log
         admin_server = FILE:/var/krb5/log/kadmin.log
         default = FILE:/var/krb5/log/krb5lib.log



That should work. The only issue is about getting tokens. I don't know 
if that authenticator works (afs_dynamic_auth works with kaserver) or if 
I need to get a Kerberos 4 ticket.

I don't know if I'm missing steps... can anyone help me? Documents on 
AIX are not so easy to find.

-- 
Sensei <mailto:senseiwa at tin.it> <pgp:8998A2DB>
        <icqnum:241572242>
        <yahoo!:sensei_sen>
        <msn-id:sensei_sen at hotmail.com>
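
A pre-reboot consistency check for the krb5.conf quoted in the message above, as an added example that is not part of the original post: it parses the file, confirms that default_realm and every [domain_realm] target have a [realms] entry with a kdc, and reports single-DES enctypes (deprecated by RFC 6649). The function names and the embedded sample are constructed for illustration, and the parser assumes one level of { } nesting.

```python
# Constructed sample: the parts of the krb5.conf quoted in the post that the checks read.
SAMPLE = """\
[libdefaults]
    default_realm = CELL.NAME
    default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
    CELL.NAME = {
        kdc = krb.cell.name
        kdc = slave.cell.name
    }
[domain_realm]
    .cell.name = CELL.NAME
    cell.name = CELL.NAME
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # deprecated by RFC 6649

def parse(text):  # -> {section: {key: [values]}}; assumes one level of { } nesting
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("["):  # section header such as [realms]
            section, block = conf.setdefault(line.strip("[]"), {}), None
        elif line == "}":  # end of a realm block
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":  # start of a realm block
                block = section.setdefault(key, {})
            else:  # repeated keys (kdc = ...) accumulate in a list
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def check(conf):  # -> list of findings; an empty list means every check passed
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    default = lib.get("default_realm", [None])[0]
    findings = [] if default in realms else [f"default_realm {default} has no [realms] entry"]
    findings += [f"realm {name} lists no kdc" for name, body in realms.items()
                 if not (isinstance(body, dict) and body.get("kdc"))]
    findings += [f"{dom} maps to undefined realm {tgt[0]}"
                 for dom, tgt in conf.get("domain_realm", {}).items() if tgt[0] not in realms]
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = sorted(SINGLE_DES & set(" ".join(lib.get(key, [])).replace(",", " ").split()))
        if weak:
            findings.append(f"{key} allows single DES: {', '.join(weak)}")
    return findings
```

Calling check(parse(SAMPLE)) returns two findings, one per enctype list; the realm and domain mappings in the sample are consistent.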

