[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
    Search the FAQ Archives
Single Page

Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.18. How come the "Last xxx" fields in the Kerberos database don't seem to get updated?
Next Document: 2.20. What is v5passwdd? Do I need to run it?

2.19. What does krb524d do? Do I need to run it?

The krb524d daemon is used to convert a Kerberos 5 service ticket to a
Kerberos 4 service ticket. This is primarily used by the krb524init program
and the AFS-Kerberos 5 Migration Kit.

To use this daemon, you need to either run it on your KDC, or give it access
to the keys for the service principals who's tickets you wish to convert. It
needs access to the principals' keys because it decrypts the Kerberos 5
ticket, converts it to a Kerberos 4 ticket, and re-encrypts it. Everyone I
know of that uses krb524d runs it on their KDC.

Depending on your use of Kerberos 4, you may or may not need it. If you plan
on using krb524init or the AFS-Kerberos 5 Migration kit, then you definitely
need it.

To use krb524init, run krb524d on your KDCs and simply run krb524init after
you've acquired a V5 TGT. Your V5 TGT will be converted to a V4 TGT, which
can then be used by V4 applications.

Note that login.krb5 can be configured to convert your credentials
automatically as well. See the man page for more information.


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.18. How come the "Last xxx" fields in the Kerberos database don't seem to get updated?
Next Document: 2.20. What is v5passwdd? Do I need to run it?

Single Page

[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>

Last Update October 13 2008 @ 00:11 AM

© 2008 FAQS.ORG. All rights reserved.