[OpenAFS] Openafs with a windows kerberos server
Douglas E. Engert
deengert@anl.gov
Tue, 11 May 2004 10:16:01 -0500
Horst Birthelmer wrote:
>
> On Tuesday, May 11, 2004, at 04:43 PM, Douglas E. Engert wrote:
>
> >
> >
> > "Davis, Adam" wrote:
> >>
> >> Hi,
> >>
> >> I currently have openafs running on linux servers using the kaserver
> >> for
> >> authentication.
> >>
> >> We also currently use Active directory and would like openafs to be
> >> able
> >> to authenticate against the windows kerberos servers which we already
> >> have in place rather then duplicating user details.
> >>
> >> Is this possible ? And if so is there any documentation available ?
> >
> > Yes it is possible we do that today All of our ADs are now 2003.
> > Windows uses Kerberos V5 under the covers, and the AD will respond to
> > UDP and TCP requests to port 88 and return Kerberos V5 tickets. Note
> > that these tickets may be large due to the fact that Microsoft adds the
> > PAC into the ticket. (Microsoft has promissed us a hotfix for the
> > size problem so that a service ticket sould be produced without the
> > PAC,
> > and we are still waiting for this.)
> >
>
> Jeffrey Altman added support for this to AFS as far as I know ...
> So those large Tickets won't "kill" you ;-)
Yes I know, I sent many of these mods to him. As Derrick pointed out:
"the former is in 1.3.63; The latter will be in 1.3.64 probably today."
>
> Horst
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444