[OpenAFS] Re: Windows TGS_REQ on alternate Netbios Names
Derrick J Brashear
shadow@dementia.org
Sat, 29 Nov 2003 14:02:29 -0500 (EST)
On Sat, 29 Nov 2003, Jeffrey Altman wrote:
> Its not icky behavior. When the SMB client attempts to communicate with
> the SMB service (even on the same machine) it is necessary for the published
> name to be used. There is no requirement that FOOBAR-AFS exist on the
> machine FOOBAR.
>
> In an Active Directory environment, there would be published aliases so that
> the AD can respond to a request for host/foobar-afs with a service ticket
> encrypted with a key derived from the password for host/foobar.
>
> This type of functionality is not available when using a non-Windows KDC
> because the same level of integration for DNS updates, LDAP directory
> updates,
> etc. can not be supported.
If you were willing to play within certain constraints you could probably
patch something into your KDC, but the expedient way wouldn't be pretty or
particularly useful widely.