[OpenAFS] Why the KfW/Heidmdal dependency with OpenAFS for Windows?

Christopher D. Clausen cclausen@acm.org
Mon, 3 Oct 2011 08:56:04 -0500

The Microsoft libraries are only useful if one is actually using the 
Windows Kerberos parts (either through Active Directory or ksetup.exe 
with a realm.)

For your standard home user, they aren't going to be using either and 
need a way to enter Kerberos credentials from within Windows itself. 
Think of it as Windows not having a kinit command.  Windows can only 
obtain initial Kerberos credentials from the login screen.

Also, KfW or Heimdal allow one to obtain credentials for different 
realms/cells outside of the ones the computer is authorized to obtain. 
E.g. This allows me to authenticate to cells at other organizations just 
by having a password for their realm and (usually) not requiring me to 
"join" my computer to their Active Directory or Kerberos infrastructure.


Coy Hile <coy.hile@coyhile.com> wrote:
> I'm almost certainly missing something obvious here, but why do we
> have the dependency on either KfW or Heimdal for the Windows OpenAFS
> client?  Microsoft already ships Kerberos libraries as part of Active
> Directory; why can we not link against those directly?