On Thu, 24 Jul 2003 16:06:37 -0400 (EDT) Faheem Mitha <[EMAIL PROTECTED]> wrote:
> Also, I'm using AFS on the University of North Carolina campus. Much about AFS is specific to your institution. I'll make some guesses, but you need to talk to your IT department. > 1) When using an afs client, the command `klog' fetches tokens from > the campus server. Am I correct in thinking that this fetching > involves use of kerberos on the campus server? I don't have > kerberos installed on my client machine, though I have seen > descriptions which involve installation of kerberos on the client > machine. Is kerberos not required at the client end? Kerberos is always required for AFS. However, AFS works with all major Kerberos distributions - MIT, Heimdal, MS Active Directory - and also includes its own. If you're using klog, that means you're using the AFS built-in Kerberos. These days, that's considered to not be the best way to do things, but switching over to a newer Kerberos from the old is difficult. > 2) I'm considering trying to install a Openafs server on a Debian > machine. I am not completely clear from the documentation whether > it is actually nececssary to install and configure kerberos > (kerberos 5 seems to be the preferred version). Parts of the > documentation suggest that one could use the `afs authentication > system', whatever this is. Adding to my confusion is that the > openafs debian packages openafs-dbserver and openafs-fileserver do > not mention kerberos even as a recommends. As stated above, you appear to be using the original "afs authentication system", as described in the IBM/OpenAFS docs. I believe Debian has a separate package you'll need to deal with the old authentication system. If you hope to join your uni's cell, you'll need to speak with them and follow procedure - you can't just jump in on your own. If you just want to set up your own private cell to play around with, then you're best off ditching the old AFS Kerberos and using MIT Kerb 5. But that may get tricky if you try to use the same machine that's already on the university network. If you have a test box that isn't hooked into the existing AFS cell, that will make your life easier. > Does a tutorial for AFS server installation on Debian exist anywhere? > My impression is no. There's a decent write-up in the docs for one of the AFS packages - I don't remember which one specifically. Those docs assume that you'll be setting AFS with MIT Kerb 5, which is recommended these days, so they won't quite apply to your university network. But in any case, AFS isn't something that you'll just pick up in a day, especially if you're not familiar with Kerberos already. If you have the machines to spare, I would strongly recommend setting up a private Kerberos realm before you get into AFS. --Todd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
