[OpenAFS] [OT] Questions about implementing kerberos
Mon, 06 Sep 2004 14:49:53 -0700
This may not be entirely off topic since one of my goals is to setup
OpenAFS on my servers. And since most everyone has used kerberos for a
while on this list, it seems like a good place to ask. However, I can
ask on the Debian list instead if you'd prefer.
Right now, I have one win2003 server running AD, and all of my (debian)
linux servers authenticating against an openldap server with libnss-ldap
(but not libpam-ldap).
After doing a little research, it looks like I can easily install
libpam-krb5 point it at the win2003 server, and use that for password
verification, but that brings up another issue.
Can I setup a linux based system to act as a backup kdc to the win2003
server? Or should I just setup the kdc and ldap servers on linux and
have the windows machines authenticate against that?
Also, what about krb5 and heimdal? Both are available in debian, but
why would I want to use one or the other?
And last but of course not least, does a windows ADS operate well as a
kdc for afs?
Links, and any other info you'd like to give would be very helpful.