[OpenAFS] Using W2k domain controller to access AFS server

Michael Lasevich openafslist@lasevich.net
Thu, 28 Mar 2002 14:17:36 -0800


I've just started using AFS, so please pardon me if some of the questions
are too basic. I installed OpenAFS on RH7.2 server. I was able to install a
latest release of the Win2k client. Using built in AFS kerberos
authentication everything works fine - but now I have 3 passwords for every
user - W2k, UNIX, and AFS. I looked into using Win2k domain controller as
Kerberos5 server and got that part to work. I can now log into a UNIX
machine with a NIS account and win2k password. However there is a step I am
missing in getting the AFS token generated. I assume I need to connect AFS
authentication to Win2k server somehow, but I am not sure how. If you can
point out what I am missing or at least where to look, I'd appreciate it. I
am sure I am not the first to try this, maybe there is a AFS-Win2k-KDC howto
out there?

Also, Is there a good on-line reference manual as to how kerberos and
openAFS works? I feel like I am missing some of the basics behind these
beasts. Retyping commands from howto's, etc. is all well and nice when you
are in a pinch, but I would really like to understand what i am doing.

Thanks in advance.