Re: Getting Heimdal kaserver to work...

[Onime Clement <onime@ictp.trieste.it>]

> Ok, I found and built the KTH KRB4 sources, now I just need to remember how to
> configure kadmin to allow the use of afs(cell) salted passwords...
>
Try adding the following kadmin entry to your krb5.conf file, it should
create keys for krb5, krb4 and afs. Note that key creation happens only when 
the principal is created or the password are changed. Existing principals
will not have any afs keys (until they change thier passwords)..

[kadmin]
        default_keys = des3:pw-salt des:pw-salt des:afs3-salt:{your_afs_cell_here} des:pw-salt:


> Quoting "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>:
> 
> > On Fri, 2002-03-08 at 23:02, Eric Knudstrup wrote:
> > > Ok, I have it so I can kinit to my kaserver-sourced db (and klist),
> > but klog.krb
> > > doesn't work and the kdc isn't listening on the kaserver port.
> > > So, what do I try next?
> > 
> > You did build heimdal with kaserver support (configure
> > --enable-kaserver)?
> > 
> > You also need /var/heimdal/kdc.conf with at least the following:
> > 
> > [kdc]
> > 	require-preauth = false		# or v4/afs will lose
> > 	enable-kerberos4 = true
> > 	enable-kaserver = true
> > 	check-ticket-addresses = false	# ssh w/krb4+afs wants this
> > 
> > (Someone who actually understands what's going on should confirm; I
> > got
> > the above via trial and error, since we kinda ended up being the beta
> > test site for heimdal's kaserver emulation :)
> > 
> > -- 
> > brandon s. allbery   [os/2][linux][solaris][japh] 
> > allbery@kf8nh.apk.net
> > system administrator      [WAY too many hats]       
> > allbery@ece.cmu.edu
> > electrical and computer engineering                               
> > KF8NH
> > carnegie mellon university  ["better check the oblivious first"
> > -ke6sls]
> > 
> > 
>