[OpenAFS] Re: Slightly unrelated question
Andrew Deason
adeason@sinenomine.net
Thu, 27 Jan 2011 09:53:47 -0600
On Thu, 27 Jan 2011 15:15:02 +0100 (CET)
Harald Barth <haba@kth.se> wrote:
> > No Windows AD/KDC planned, but Windows clients integration with
> > standard KDC and possibly OpenAFS will be important.
>
> Good luck with not needing an AD, but I think both Heimdal and MIT can
> be cross realmed with an AD when you need it.
To be clear, Meie, do you want to use Heimdal/MIT Kerberos for
authentication for logging in to Windows, or do you just want tickets
after you have logged in?
Integration with the Windows login system I believe is almost always
done via AD. I think it's possible to not use AD if someone wrote a
Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
getting rid of its role), but as far as I know nobody does that. But if
you just want to get tickets/tokens after the user has logged in, that
is much more common and easier to do.
--
Andrew Deason
adeason@sinenomine.net