[OpenAFS] Re: Slightly unrelated question
Thu, 27 Jan 2011 14:34:40 -0500
>> Integration with the Windows login system I believe is almost always
>> done via AD. I think it's possible to not use AD if someone wrote a
>> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD,
>> getting rid of its role), but as far as I know nobody does that. But
>> you just want to get tickets/tokens after the user has logged in,
>> is much more common and easier to do.
> You can do Windows login with just Kerberos (no Samba/AD), at least in
> my testing on XP and 2003. You'll need ksetup.exe from the tools
> package for your OS. This link has a good bit of info:
> There's also an old AFSBPW presentation from UNCC with some (now
> dated) material about integrating profiles and other things which was
> helpful in understanding the process.

On a related note, we'd like to pass through authentication from AD to
our MIT Kerberos realm. There are various documents on the net that
talk about this, and I'm told that it's done in various places (e.g.,
umich), but we have been so far unable to make it work.
Does anyone know of instructions on how to make this work with win2008?
We are doing a greenfield AD install. I suppose we might consider using
Samba instead if that makes the process easier.
Dan Pritts, Sr. Systems Engineer
office: +1-734-352-4953 | mobile: +1-734-834-7224