[OpenAFS] OpenAFS using win2k DC for kerberos 5 authentication

Charles Clancy security@xauth.net
Wed, 9 Jan 2002 11:02:48 -0600 (CST)


> > We're looking at using Win2k Active Directory to centralise our account
> > management. My question is, can the Win2k domain controller (acting as a
> > Kerberos 5 KDC) be used to get AFS tokens in an analogous way to using MIT
> > krb5? Is it just a case of getting a working krb524d equivalent to run on
> > the domain controller or is it more subtle than that?
>
> That _should_ be sufficient.
>
> -derek

If anyone can figure out how to enter the keys in ADS on 2K, I'd love to
hear about it.

Also, a friend of mine who's worked for Microsoft's Kerberos Security
group says 2K's Kerberos is very broken.  I asked him about such an
AFS-ADS setup, and he said it would be best to wait for XP server (.NET
server, I think?), because its Kerberos works much better.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy