[OpenAFS] AFS Token / Kerberos v5 ticket

Xavier Canehan Xavier.Canehan at in2p3.fr
Tue Oct 20 04:28:22 EDT 2009


Jeffrey Altman a écrit :
> Can you please explain what it is that you are attempting
> to accomplish?

Our home made batch system used to save and forge kas tickets. No 
Kerberos 5, not very secure, easiest. Moreover, it was just navigating 
through bit fields to forge a ticket. No AFS primitive implied.

We are migrating: away from current batch system and to Kerberos 5.
During process, we have to modify our batch system, whilst main 
developer retired.

As Rémi worked on Kerberos 5 migration here, he has been volunteered to 
provided code to migrate our batch system. Thus, he is investigating 
several options to cope either with kas, fakeka, K5.
He may have not been clear: we are not willing to put a keyfile in 
unsecure places. We have to modify our batch master and prepare the 
place for the next.

Thanks to every one who helped, either with directions or code.
Rémi is adapting code from Rainer Toebbicke. If not successful, we will 
certainly switch to Heimdal, as suggested by Derrick Brashear.


Rémi is not trying to break AFS nor Kerberos.
He is not trying to hack our cell. I know where he lives. :o)


Best regards,

X. Canehan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4050 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20091020/515d776e/attachment.bin


More information about the Kerberos mailing list