Information on how to get kerberos ticket of the user in VFS/shell during conneciton

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Feb 23 07:41:25 UTC 2018

On Thu, Feb 22, 2018 at 09:41:20PM +0100, Manfred Furuholmen via samba-technical wrote:
> the conversion is done by the aklog, you can find it in the src/aklog
> directory in openAFS.
> That is possible because it was implemented the 2b token, mainly kerberos 5
> in rxkad.
> The aklog is able to do several conversions, for the krb5 there is a
> function call  rxkad_build_native_token
> that is possible because it was implemented the 2b token in AFS , mainly
> kerberos 5 in rxkad, the trick was to use kerberos 5 EncTicketPart instead
> of kerberos 4 ditto.

Ok, this means we have a chance.

I think some developer needs to spend a few days on this. You should
contact someone from for paid
support, as I don't think anybody will be able to find time for this
in spare time.

Regards, Volker Lendecke

Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier:

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at

More information about the samba-technical mailing list