[OpenAFS] Slightly unrelated question

Meie Mees bsd04@hot.ee
Thu, 27 Jan 2011 22:17:07 +0200


> I dare to say that OpenAFS will work with all of the different KDCs.
> Which one you favour the most is probably a matter of taste. My taste
> is Heimdal. If you are familiar with setting up a Heimdal KDC on
> FreeBSD keep on doing so. One important thing with security related
> software is that you want to be familiar to avoid mistakes which
> might be fatal (security wise).
>
> > No Windows AD/KDC planned, but Windows clients
> > integration with standard KDC and possibly OpenAFS will be important.
>
> Good luck with not needing an AD, but I think both Heimdal and MIT can
> be cross realmed with an AD when you need it. Just keep the
> realm/domain names of the "Unix KDC" and the "Windows KDC (AD)"
> different. There are organizations which used the same realm name and
> had to suffer for it. It is good if you can synchronize usernames from
> the start. There are some tips how to cross realm with Windows in the
> Heimdal documentation.
>

Thank you all for replies! I will keep my relationship with FreeBSD then
and use Heimdal.
The first difficulty with Kerberos seems to be user passdb migration.
Any hints how to proceed? Most users authenticate against NT domain but
we have some local Unix users as well.

thanks,
--
Vallo