[OpenAFS] A single cohesive network with Kerberos and AFS

Thomas Cherryhomes thomasc@apogeemm.com
27 Jun 2001 16:06:37 -0500


Hi!

I've been lurking on this list for a while now, and have been slowly
researching how to glue together a network of UNIX, Windows, and
MacOS clients using AFS and Kerberos. 

IT IS THE MOST IMPORTANT GOAL THAT I HAVE A SINGLE LOGIN WHICH GETS ME
ANYWHERE ON THE REALM!!!

I know that I can link together Kerberos v5 and AFS on UNIX/Linux/*BSD
et al... (I keep getting conflicting answers ranging from I just have to
use the pam_krb5afs.o module to I have to use the Kerberos v5 to v4
ticket converter, to I have to use the AFS to Kerberos v5 Migration kit,
which I've seen wide ranging opinions as to whether or not it would work
with the latest krb5-1.2.2).... Is there any solution that WORKS ??? I
don't care WHAT contortions I have to go through.

As for the Windows and Mac.... I've noticed that things get a lot more
interesting here.... I have a friend who goes to Stanford and he was
gracious enough to give me a copy of both PC-Leland and Mac-Leland..
These clients were meant to work with the Transarc Windows NT/2000 AFS
client... I am not running any NT machines here to speak of, I am
running the win9x OpenAFS client. Can this client, or any other Kerberos
v5 client interface with AFS? This is giving me migraines because I
either (1) can't find a client, or (2) can't find a Kerberos/AFS
combination that works well together. WHAT CAN YOU SUGGEST AS A SOLUTION
FOR BOTH WINDOWS AND MAC?

Also, after looking at the design of Kerberos and AFS, I wonder why more
people don't use this combination, not only in larger networks, but
medium to small size networks as well? It seems that once a proper mix
of clients is found, this would be one hell of a solution.

Any help would be appreciated... I am very new at this... and coming from
the world of Public Key and SSL, etc... this is a bit opposite of what
I'm used to.

But, as I see it... It's the ONLY solution where you can provide a
secure and scalable network based on free software...

--Thom Cherryhomes