[OpenAFS] [OT] Questions about implementing kerberos

[Mike Fedyk]

Hi everyone,

This may not be entirely off topic since one of my goals is to setup 
OpenAFS on my servers.  And since most everyone has used kerberos for a 
while on this list, it seems like a good place to ask.  However, I can 
ask on the Debian list instead if you'd prefer.

Right now, I have one win2003 server running AD, and all of my (debian) 
linux servers authenticating against an openldap server with libnss-ldap 
(but not libpam-ldap).

After doing a little research, it looks like I can easily install 
libpam-krb5 point it at the win2003 server, and use that for password 
verification, but that brings up another issue.

Can I setup a linux based system to act as a backup kdc to the win2003 
server?  Or should I just setup the kdc and ldap servers on linux and 
have the windows machines authenticate against that?

Also, what about krb5 and heimdal?  Both are available in debian, but 
why would I want to use one or the other?

And last but of course not least, does a windows ADS operate well as a 
kdc for afs?

Links, and any other info you'd like to give would be very helpful.

Thanks,

Mike