[OpenAFS] kerberos + openafs + windows = ?

Charles Clancy security@xauth.net
Mon, 9 Sep 2002 22:00:18 -0500 (CDT)


> Is it possible to get it to automatically "just work" on login?  i.e. log in to
> win2k and automatically get krb5 + afs tokens?

Yes.  You have to set up all the Kerberos stuff on Win2k.

See:
http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerbint.asp

That will obtain a Kerberos token during login.  Then, you can use
ms2mit.exe to convert the MS-style krb5 TGT into an MIT-style krb5 TGT.
Then, from there you can run aklog.exe to get your AFS service ticket and
AFS token.  These utilities would presumably be run from some sort of
login script or startup shortcut.

Alternatively, there's a utility that combines the functionality of ms2mit
and aklog into a single binary:
	http://www.rose-hulman.edu/TSC/software/wake/

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]