[OpenAFS] Openafs with a windows kerberos server
Horst Birthelmer
horst@riback.net
Tue, 11 May 2004 16:53:14 +0200
On Tuesday, May 11, 2004, at 04:43 PM, Douglas E. Engert wrote:
>
>
> "Davis, Adam" wrote:
>>
>> Hi,
>>
>> I currently have openafs running on linux servers using the kaserver
>> for authentication.
>>
>> We also currently use Active directory and would like openafs to be
>> able to authenticate against the windows kerberos servers which we
>> already have in place rather than duplicating user details.
>>
>> Is this possible? And if so, is there any documentation available?
>
> Yes, it is possible; we do that today. All of our ADs are now 2003.
> Windows uses Kerberos V5 under the covers, and the AD will respond to
> UDP and TCP requests to port 88 and return Kerberos V5 tickets. Note
> that these tickets may be large due to the fact that Microsoft adds the
> PAC into the ticket. (Microsoft has promised us a hotfix for the
> size problem so that a service ticket should be produced without the
> PAC, and we are still waiting for this.)
>
Jeffrey Altman added support for this to AFS as far as I know ...
So those large Tickets won't "kill" you ;-)
Horst