[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remapping old Kerberos 4 realm name to new Kerberos 5 realm name

>Is there a Heimdal equivalent to MIT Kerberos + Ken Hornstein's
>monster-patch krb524d [1] --with-krb524-remapping option? I'm trying to
>remap an old Kerberos 4 realm name to a new Kerberos 5 realm name as
>described in the migration scenario here [2]. If there isn't I assume I
>could use krb524d to replace some Heimdal functionality, but I'd like to
>stick with pure Heimdal if at all possible. Specific Heimdal error I am
>getting now is:

First off, it isn't a global remapping; it's done on a per-user basis.
So I suspect that's not what you really want.

Secondly ... I would advise that you simply change the Kerberos realm
of your AFS cell to match that of your V5 Kerberos realm.  You can do
that by placing a Kerberos V4 config file in a magic location on
your AFS servers (I forget the location, but I'm sure someone will
remind me).  This will make using the Windows client problematic with
the native (v4) authentication ... but the trend has been to go to V5,
so if I were you, I'd just go with V5 on Windows.