[OpenAFS] getting openafs tokens

David Bear David.Bear@asu.edu
Mon, 20 Nov 2006 15:21:22 -0700

I would like to have our windows machines that are joined to our
Active Directory get afs tokens automagically. 

I know there is a feature that we can check to have openafs get tokens
at user logon. But our experience suggests that creates a deadlock
when the checkpoint secure remote software is installed. I would like
to avoid throwing another 'authentication module' onto the standard
microsoft authentication if that makes any sense.

Is it possible to run something like aklog in windows (in the
background) that would grab a kerb ticket from our microsoft Active
Directory, and turn it into an openafs token?

What additional pieces of software would we need to to make this
happen? Would we need KfW? 

One other item. Our MIT Krb5 infrastructure that handles afs, is
separate from our active directory realm. I don't know what kind of
cross realm trust exists. 

Are there any whitepapers on setting this up?

David Bear
phone: 	602-496-0424
fax: 	602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
 "Beware the IP portfolio, everyone will be suspect of trespassing"