Some other topics that should be explained.
-- SSH -- these instructions from [[CharlesClancy]] for building openssh might help <http://lists.openafs.org/pipermail/openafs-info/2002-January/002846.html>. And another perspective from [[OwenLeBlanc]] <http://lists.openafs.org/pipermail/openafs-info/2002-January/002856.html>.
+- SSH -- There are two issues. First is mutually authenticating you and the SSH server to each other using Kerberos. Second is passing local AFS authentication to the remote shell (in this case an AFS Client) in the form of AFS service tickets (tokens).
+ - these instructions from [[CharlesClancy]] for building openssh might be useful <http://lists.openafs.org/pipermail/openafs-info/2002-January/002846.html>
+ - another perspective from [[OwenLeBlanc]] <http://lists.openafs.org/pipermail/openafs-info/2002-January/002856.html>
-- [[TedAnderson]] - 23 Jan 2002
--- /dev/null
+<http://www.pdc.kth.se/heimdal/>
+
+-- [[TedAnderson]] - 23 Jan 2002
I am not the right person to write this page but here is a start:
-[[KenHornstein]]'s migration toolkit is here: <ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/>.
+The MIT web site for Kerberos is <http://web.mit.edu/kerberos/www>. The FAQ is at <http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html>.
+
+[[KenHornstein]]'s AFS-Kerberos5 migration toolkit is here: <ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/>.
-- [[TedAnderson]] - 22 Jan 2002
- PAM modules available for K5
- Admin differences between various K5 implementations
+- krb524d -- which uses a K5 TGT to produce a V4 AFS service ticket which the [[CacheManager]] needs. It does not need to run on the same machine as the [[KerberosV]] server but just needs access to the AFS principal's key. This is not needed for [[HeimdalKTH]] which implements V4 and V5 services, but is for MIT and [[ActiveDirectory]].
+- encryption types -- this is a per key property and V5 supports several (while V4 only supported one, namely what V5 calls des-cbc-crc). However, this is not the V5 default (which I think is des3) so you need to ensure that the AFS principal uses des-cbc-crc.
+- [[StringToKey]] differences
-- [[TedAnderson]] - 23 Jan 2002
+
+----
+
+See [[HeimdalKTH]], [[ActiveDirectory]], [[KerberosDCE]], [[AuthCommands]], [[SettingUpAuthentication]].
-Modify AFS clients and servers to support files bigger than 2^31-1 bytes.
+Modify AFS clients and servers to support files bigger than 2<sup>31</sup>-1 bytes.
Here is the way [[JeffreyHutzelman]] [described](http://lists.openafs.org/pipermail/openafs-devel/2002-January/002304.html) the project:
-The [[OpenAFS]] project has several [mailing lists](https://lists.openafs.org/mailman/listinfo/), one of which is [OpenAFS-devel](https://lists.openafs.org/mailman/listinfo/openafs-devel) and is archived at <http://lists.openafs.org/pipermail/openafs-devel/>.
+The [[OpenAFS]] project has several [mailing lists](https://lists.openafs.org/mailman/listinfo/), one of which is [OpenAFS-devel](https://lists.openafs.org/mailman/listinfo/openafs-devel) is for technical discussion of [[OpenAFS]] development work and is archived at <http://lists.openafs.org/pipermail/openafs-devel/>.
--- [[TedAnderson]] - 17 Jan 2002
+-- [[TedAnderson]] - 17, 23 Jan 2002
--- /dev/null
+The [[OpenAFS]] project has several [mailing lists](https://lists.openafs.org/mailman/listinfo/), one of which is [OpenAFS-devel](https://lists.openafs.org/mailman/listinfo/openafs-info) is for general discussion of [[OpenAFS]] and is archived at <http://lists.openafs.org/pipermail/openafs-info/>.
+
+-- [[TedAnderson]] - 23 Jan 2002
git://git.openafs.org / openafs-wiki.git / commitdiff