[OpenAFS-devel] [Win] Status of remote logins

Luke Howard lukeh@padl.com
Sat, 26 Feb 2005 12:52:12 +1100


>Thanks for the info, and I'll be reading them, but specifically what I 
>was asking for are books that introduce each technology much like a book 
>on programming.  I already understand some of the concepts used in them, 
>but want to flesh out my knowledge on them and learn common techniques 
>that probably won't be in a RFC or specification.  You wouldn't happen 
>to know of any books like that, would you?

The O'Reilly books are quite good:

	http://www.oreilly.com/catalog/ldapsa/index.html

	http://www.oreilly.com/catalog/kerberos/index.html

They also cover Active Directory to some extent.

>> Unfortunately, the problem is that AD is more than just LDAP and 
>> Kerberos; it requires specific extensions, some of which are 
>> poorly-documented, if at all.
>
>Don't you love standards track protocols that *aren't fully documented*?!

To be clear: it is the extensions that are not fully documented, not the
standards track protocols themselves.

XAD has some advantages over Active Directory in AFS deployments. By
including Kerberos IV and AFS authentication servers, it can support
older clients that cannot use Kerberos 5 directly (for example the
Transarc Windows client) without needing a separate authentication
infrastructure.

Secondly, the integrated AFS Protection Server removes the need to 
manage AFS groups separately from Windows and POSIX groups; they are
all equivalent. You can even use pts to manage Windows group membership.

More information on AFS support in XAD is at:

	http://www.padl.com/TechNotes/XADAFSConfigurationNotes.html

-- Luke

--