[OpenAFS] Documentation or howto for Active Directory as KDC
Fri, 07 Nov 2008 09:36:48 +0100
first I want to thank you for the link. We'll try it out, if we have
some time :-)
You've asked, if it's the same realm:
Yes, (unfortunately) it's the same realm name for both.
Douglas E. Engert schrieb:
> Silvia Roedelsperger wrote:
>> i've got a question.
>> Does anyone know a documentation or a howto on using Active Directory
>> (Windows 2008 Server) as the KDC in an OpenAFS installation?
> John Spoko Jr wrote this up:
> The case 1 looks good.
> You may also want the AD admin to set the userAccountControl flag
> 0x2000000 in the afs account so the MS PAC will be not be sent in the
> The PAC can be large 12K, and since AFS does not use it, it can reduce
> the size of tickets/tokens from 13K to about 400 bytes.
>> Our test environment for the OpenAFS server ist running on a Debian
>> Etch machine.
>> I just found this old thread from 2004:
>> Unfortunately, this thread doesn't helped me very much.
>> To have two Kerberos-servers (on the one hand the Windows 2008 Server,
>> on the other Hand a MIT-Kerberos Server at the Debian machine) with
>> the same user-accounts doesn't make very much sense to me.
> Same realm names? Or not?
>> Thanks in advance! :-)
>> Greetings, Silvia
>> OpenAFS-info mailing list