[OpenAFS] Re: Windows AFS client / Kerberos V
Rodney M Dyer
Mon, 29 Jan 2007 12:52:49 -0500
At 12:06 PM 1/29/2007, Joe Buehler wrote:
>Is there any backwards compatible way to run a Windows client against an
>MIT K5 KDC or am I forced to mass-install MIT Kerberos for Windows and
>re-educate my users?
You can install the MIT Kerb for Win libraries on your clients fairly
simply (backgrounded "silent") by installing only the core libraries. You
simply create a directory on the users local disk, copy the core libraries
into that directory, modify the system path to point to that directory,
then finally add the krb5.ini (krb5.conf in 'nix-land) to the %systemroot%
folder (usually c:\windows, or c:\winnt).
This is what my "c:\admin\bin\krb5" folder looks like:
And my "c:\winnt" contains:
I'm fairly sure you'd no longer need "krb.con", and "krbrealm.con".
As long as the Windows OpenAFS client can "see" the folder that you put the
core libraries into, then you should have no problems. About the most your
users will have to do is logout, and log back in to make sure the KRB
folder is in their system path.
HOWEVER! Performing the full install of the Kerb for Windows client using
the MSI would probably be just as easy, if not more "proper".