[OpenAFS] Windows 2000 AD and fakeka
Mon, 27 Jun 2005 19:10:06 -0400
On Wednesday, June 22, 2005 07:06:42 AM -0400 Jeffrey Altman
> Ming Hou wrote:
>> I would like to have fakeka work with Windows 2000 AD, and I think
>> that fakeka is going to run on my AFS database server. Are there any
>> successful cases of making it work? If yes, how should I set it up?
>> Thank you.
> fakeka provides a Kerberos 4 service. Active Directory does not
> support Kerberos 4. You would have to write one that had access to
> the user's password and the key associated with the afs service.

Actually, fakeka provides the kaserver service, not Kerberos 4. It
provides support for the kaserver authentication service (the equivalent of
the Kerberos AS and TGS), and to do so it needs access to the contents of
the Kerberos database, which means it must run on the KDC (not the AFS
database servers), and the KDC must use a database format it understands.

The support (or lack thereof) of Kerberos 4 in the Windows AD is not at
issue here; the database format is. The current fakeka code understands
only the MIT Kerberos database format (in fact, it doesn't even understand
that -- it uses an internal Kerberos database API). The AD database format
is undocumented, not a public interface, and subject to change between
versions. Writing software which accessed it directly would be quite

Exactly what functionality do you require that you think fakeka will help
you with? Perhaps we can help you find another way to get what you need.

-- Jeffrey T. Hutzelman (N3NHS) <firstname.lastname@example.org>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA