[OpenAFS] Authenticating against krb5-only KDC (active directory)

[Derek Atkins]

There are a number of ways to do this.  You could just use your M$-KDC
as a regular K5 KDC and use krb524 to obtain AFS tokens, or you could
have a process similar to the above where the 'v4 AFS key' is separate
from the 'M$ key'.

Basically, you use 'aklog' to authenticate to the 524 daemon, and that
gives you a 'token' which you stuff into your client to authenticate.

You don't need native k5 in AFS for this to work.

-derek

Jacob Gorm Hansen <jg@ioi.dk> writes:

> I know Active Directory is not anyone's favorite, not mine either, but I need
> to be able to authenticate against it. Currently, I've got just one AFS server.
> running debian linux.
> 
> Does anyone have a recipe for doing so? I read somewhere that krb5 was being
> worked on for OpenAFS, I suppose that would make things easier. What is the
> status of that?
> 
> Best,
> Jacob
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com