[OpenAFS] Re: Slightly unrelated question

John Perkins john@cs.wisc.edu
Thu, 27 Jan 2011 13:40:36 -0600

On 01/27/2011 01:34 PM, Dan Pritts wrote:
> On a related note, we'd like to pass through authentication from AD to 
> our MIT kerberos realm. There are various documents on the net that 
> talk about this, and I'm told that it's done in various places (e.g., 
> umich), but we have been so far unable to make it work.
> Does anyone know of instructions on how to make this work with win2008?  We are doing a greenfield AD install.  I suppose we might consider using samba instead if that makes the process easier.

Check out http://technet.microsoft.com/en-us/library/bb742433.aspx (in 
particular, Setting Trust with a Kerberos Realm).  In this case you can 
create user X, then log them in as "X@<REALM>" and get the same 
permissions you've set for user X in your AD directory.

    John Perkins                   |   University of Wisconsin-Madison
    Researcher                     |   Department of Computer Science
    john@cs.wisc.edu               |   1210 W. Dayton St.
    608-262-0438/608-262-6626 FAX  |   Madison, WI  53706-1685