[OpenAFS] Switching from MIT to win 2003 krb5 server

Lars Schimmer l.schimmer@cgv.tugraz.at
Wed, 06 Jun 2007 17:20:13 +0200


Hi!

Now I'm on my way to switch from MIT krb5 server to Win 2003 AD krb5
server to use only ONE auth in my cell :-)
In that way I've got some questions.

1. Is it possible to use both servers and use both to obtain
tickets/tokens in the time of changing?
Is there a problem with kvno? Or just set the Win Key one number higher
than MIT key?
2. Creating users in AD is clear to me, do I need to map them via the
setspn version?
3. How to create host entries? Just add a "Computer" to the AD?
Any special options to take care of?
4. I created an afs user in the AD as a normal user with the login afs,
set user cannot change passwd, passwd never expires.
Afterward I setspn afs/cgv.tugraz.at to afs.
Was this correct? Any other options to check?
5. I installed the Win 2003 SP2 and tools for SP2, so no need to worry
about ktpass?
6. After ktpass export the afs key and import it into afs servers, I can
change the clients to auth against Win 2003 AD. Is it enough just to
change the IP in the krb5.conf file?


Thanks for the help so far. I just want to be sure that it works the way
I think it should.

Best regards,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723