[OpenAFS] Kerberos V, users, passwd, shadow, alternatives
David Miller
D.P.Miller@lse.ac.uk
Wed, 03 Mar 2004 17:32:42 +0000
>LDAP isn't as difficult as getting AFS and Kerb5 working together.
>You've already done the hard part. You won't have difficulty with
>LDAP. Just don't plan on LDAP for auth, keep the kerberos for ticket
>granting.
>
>
>
I aggree. Use LDAP.
Most distros make it pretty easy to migrate and setup ldap.
it also has good, easy to setup replication and fail-over support on the
clients (nss-ldap)
I then wrote some simple perl scripts to control user administration in
ldap+kerberos+openafs (create ldap entries, create kerberos user, create
afs volume, etc).
I've found this documentation pretty good..its debian specific, but most
of it is the same
http://www.metaconsultancy.com/whitepapers/ldap.htm
http://www.metaconsultancy.com/whitepapers/ldap-linux.htm
For the full setup (OpenAFS, LDAP, kerberos 5)
http://www.bayour.com/LDAPv3-HOWTO.html