[H-GEN] Setting up Kerberos

[Jason Henry Parker]

[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

Sarah Kelly <sarah at uow.edu.au> writes:

> Is there anyone here who has set up a Kerberos server?

I've messed with it briefly, and on a very small scale, in order to
try to set up AFS (a distributed filesystem).

IIRC it comes in two different versions (krb4 and krb5); it is
available in Australia (most of the ITAR restrictions having been
loosened a few years ago); applications require support for it on
their own (kerberised POP servers, kerberised xdm login screens, and
so on, although I think there are PAM and NSS modules) it's also full
of its own jargon.

If you're serious about setting it up---and as far as *I* can tell
it's quite useful---then the very best I can do for you is to
recommend at least one book (surely an ora.com book exists, the
`triple-headed dog book', perhaps?).

The thing I found the hardest is that it seems to require a few hosts
to run on right out of the box, and more than a few passwords;
the documentation isn't exactly clear on what they're for, and which
is used when.  Remember, though, that my experience of it is tainted
by trying to work out what AFS is about at the same time.

If you set it up and get anywhere, some mail back to the list to
summarise what you found out may be nice.

jason
-- 
||----|---|------------|--|-------|------|-----------|-#---|-|--|------||
| Men are Figs!                               http://linux.org.au/conf/ |
|                   --Ann Burlingham                   jasonp at uq.net.au |
||--|--------|--------------|----|-------------|------|---------|-----|-|

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.