[OpenAFS] Re: Slightly unrelated question

Dan Pritts danno@internet2.edu
Thu, 27 Jan 2011 14:34:40 -0500


>> Integration with the Windows login system I believe is almost always
>> done via AD. I think it's possible to not use AD if someone wrote a
>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
>> getting rid of its role), but as far as I know nobody does that. But if
>> you just want to get tickets/tokens after the user has logged in, that
>> is much more common and easier to do.
>
> You can do windows login with just Kerberos (no Samba/AD), at least in
> my testing on XP and 2003.  You'll need ksetup.exe from the tools
> package for your OS.  This link has a good bit of info:
> http://www.wlug.org.nz/WinXP%2BKrb5%2BAFS
> There's also an old AFSBPW presentation from UNCC with some (now dated)
> material about integrating profiles and other things which was helpful
> in understanding the process.


On a related note, we'd like to pass through authentication from AD to
our MIT kerberos realm.  There are various documents on the net that
talk about this, and I'm told that it's done in various places (e.g.,
umich), but we have been so far unable to make it work.

Does anyone know of instructions on how to make this work with win2008?
We are doing a greenfield AD install.  I suppose we might consider using
samba instead if that makes the process easier.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224