[OpenAFS] Authenticating against krb5-only KDC (active directory)

Jacob Gorm Hansen jg@ioi.dk
Thu, 7 Mar 2002 07:53:05 +0100


On Thu, Feb 28, 2002 at 10:57:22AM -0500, Derek Atkins wrote:
> Jacob Gorm Hansen <jg@ioi.dk> writes:
> 
> > On Thu, Feb 28, 2002 at 10:34:04AM -0500, Derek Atkins wrote:
> > > There are a number of ways to do this.  You could just use your M$-KDC
> > > as a regular K5 KDC and use krb524 to obtain AFS tokens, or you could
> > > have a process similar to the above where the 'v4 AFS key' is separate
> > > from the 'M$ key'.
> > 
> > Would that work when clients where on Win2k machines as well?
> 
> Sure.  You just need to compile aklog (or the equivalent)


Hmm but how do I get access to the krb5-token stashed by windows at login?

Is this possible without having to run the old win32 kerberos5 kit, so users
have to type in their password twice, once for logging on to windows, and once
for doing kinit+aklog?

Best,
Jacob