[OpenAFS] OpenAFS and Windows user account password syncronization
Thu, 26 May 2011 09:46:21 +0000
On Thu, May 26, 2011 at 8:16 AM, Claudio Prono <firstname.lastname@example.org> wrote:
> Il 25/05/2011 20.14, Ken Dreyer ha scritto:
>> On Wed, May 25, 2011 at 7:12 AM, Claudio Prono <email@example.com> wrote:
>>> When the Windows Client change his Kerberos password on the
>>> OpenAFS server
>> I'm not sure what this means, because OpenAFS servers (besides
>> kaserver) don't store users' passwords. Can you provide more
>> information about your Kerberos environment, specifically, what
>> implementation of Kerberos (kaserver, Heimdal, MIT) you are using to
>> authenticate users to AFS?
>> - Ken
> I use Mit Kerberos to store users passwords.
You shouldn't really have to synchronize anything at all. If you're
doing the dummy account dance
on the AD side; that is, the user object in AD is mapped to a
principal in your MIT realm via alternate
security IDs, then the user simply has to change his password in the
MIT realm directly. Where I
went to school did this; they simply have a webpage where users can
change their passwords.