[OpenAFS] Re: Slightly unrelated question

[Chaz Chandler]

> Integration with the Windows login system I believe is almost always
> done via AD. I think it's possible to not use AD if someone wrote a
> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
> getting rid of its role), but as far as I know nobody does that. But if
> you just want to get tickets/tokens after the user has logged in, that
> is much more common and easier to do.

You can do windows login with just Kerberos (no Samba/AD), at least in=20
my testing on XP and 2003.  You'll need ksetup.exe from the tools=20
package for your OS.  This link has a good bit of info:
http://www.wlug.org.nz/WinXP%2BKrb5%2BAFS
There's also an old AFSBPW presentation from UNCC with some (now dated)=20
material about integrating profiles and other things which was helpful=20
in understanding the process.

Roaming profiles, making sure you get AFS tokens at the right time in=20
the login process, etc., are where AD or a good substitute come in=20
handy.  So again it depends on what your goal is.

-Chaz

____________________________________________________________
Publish your photos in seconds for FREE
TRY IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=3Dif4