[OpenAFS] Slightly unrelated question

Harald Barth haba@kth.se
Thu, 27 Jan 2011 15:15:02 +0100 (CET)


> We are using mainly Linux 2.6.x with HP-UX 11.x and some Windows
> boxes thrown into the mix.

I dare to say that OpenAFS will work with all of the different KDCs.
Which one you favour the most is probably a matter of taste. My taste
is Heimdal. If you are familiar with setting up a Heimdal KDC on
FreeBSD, keep on doing so. One important thing with security-related
software is that you want to be familiar to avoid mistakes which
might be fatal (security-wise).

> No Windows AD/KDC planned, but Windows clients
> integration with standard KDC and possibly OpenAFS will be important.

Good luck with not needing an AD, but I think both Heimdal and MIT can
be cross realmed with an AD when you need it. Just keep the
realm/domain names of the "Unix KDC" and the "Windows KDC (AD)"
different. There are organizations which used the same realm name and
had to suffer for it. It is good if you can synchronize usernames from
the start. There are some tips on how to cross realm with Windows in the
Heimdal documentation.

Harald.