[OpenAFS] Help wanted: ADS and MIT Kerberos auth for openafs
Eric Chris Garrison
Wed, 24 Jun 2009 11:25:03 -0400
-----BEGIN PGP SIGNED MESSAGE-----
My site is being converted from MIT Kerberos to MS Active Directory (ADS)
for kerberos authentication. It looks to me like we should be able to set
up AFS to accept tickets from either realm somehow.
I've added an afs service principal from each of two realms to the KeyFile
using asetkey. I've added both realms in /etc/krb.conf, the first two
lines of the file being the two realms.
I think I'm missing a step, though, as it doesn't map the principals from
the ADS realm to AFS users the way our existing realm does.
Any advice, especially a pointer to non-obsolete documentation on the
subject would be very much appreciated!
Eric Chris Garrison | Principal Mass Storage Specialist
firstname.lastname@example.org | Indiana University - Research Storage
W: 317-278-1207 M: 317-250-8649 | Jabber IM: email@example.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----