[OpenAFS] Re: Windows AFS client / Kerberos V
Rodney M Dyer
rmdyer@uncc.edu
Mon, 29 Jan 2007 12:52:49 -0500
At 12:06 PM 1/29/2007, Joe Buehler wrote:
>Is there any backwards compatible way to run a Windows client against an
>MIT K5 KDC or am I forced to mass-install MIT Kerberos for Windows and
>re-educate my users?
You can install the MIT Kerb for Win libraries on your clients fairly
simply (backgrounded "silent") by installing only the core libraries. You
simply create a directory on the users local disk, copy the core libraries
into that directory, modify the system path to point to that directory,
then finally add the krb5.ini (krb5.conf in 'nix-land) to the %systemroot%
folder (usually c:\windows, or c:\winnt).
This is what my "c:\admin\bin\krb5" folder looks like:
comerr32.dll
gss-client.exe
gss-server.exe
gss.exe
gssapi32.dll
k524init.exe
kclnt32.dll
kdestroy.exe
kinit.exe
klist.exe
kpasswd.exe
krb524.dll
krb5_32.dll
krbcc32.dll
krbcc32s.exe
krbv4w32.dll
kvno.exe
leash32.chm
leash32.exe
leashw32.dll
ms2mit.exe
wshelp32.dll
xpprof32.dll
And my "c:\winnt" contains:
krb.con
krb5.ini
krbrealm.con
I'm fairly sure you'd no longer need "krb.con", and "krbrealm.con".
As long as the Windows OpenAFS client can "see" the folder that you put the
core libraries into, then you should have no problems. About the most your
users will have to do is logout, and log back in to make sure the KRB
folder is in their system path.
HOWEVER! Performing the full install of the Kerb for Windows client using
the MSI would probably be just as easy, if not more "proper".
Rodney