[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad
Sun, 07 Jan 2007 20:40:00 -0500
John W. Sopko Jr. wrote:
> Yes I will try your instructions, I am not in control
> of our Windows servers and they are running W2K. I do
> have access to a test W2003 AD server.
>> * Use a working (non-2003 SP1) version of ktpass to export the key
>> The 2003 SP1 Support Tools version is 5.2.3790.1830. Do not use it.
> So use the original ktpass? Is there a way to verify the
> working version? Thanks for all your help.
As far as I am aware, all of the versions other than 2003 SP1,
as identified above, work.
The Vista version provides additional options that will make
debugging easier. Unfortunately, its not available yet.
> While we are on the subject. If we decide to have our
> L/Unix infrustrucure, including afs, authenticate to
> Windows AD; how comfortable do you feel that one day
> a Microsoft patch might break things? Our Windows group
> say they cannot guarantee this will not happen. I know
> this is a big question...
Will break what?
Can your UNIX group guarantee that an update to MIT or Heimdal
Kerberos won't break things?