[OpenAFS] Why the KfW/Heidmdal dependency with OpenAFS for Windows?
Christopher D. Clausen
Mon, 3 Oct 2011 08:56:04 -0500
The Microsoft libraries are only useful if one is actually using the
Windows Kerberos parts (either through Active Directory or ksetup.exe
with a realm.)
For your standard home user, they aren't going to be using either and
need a way to enter Kerberos credentials from within Windows itself.
Think of it as Windows not having a kinit command. Windows can only
obtain initial Kerberos credentials from the login screen.
Also, KfW or Heimdal allow one to obtain credentials for different
realms/cells outside of the ones the computer is authorized to obtain.
E.g. This allows me to authenticate to cells at other organizations just
by having a password for their realm and (usually) not requiring me to
"join" my computer to their Active Directory or Kerberos infrastructure.
Coy Hile <email@example.com> wrote:
> I'm almost certainly missing something obvious here, but why do we
> have the dependency on either KfW or Heimdal for the Windows OpenAFS
> client? Microsoft already ships Kerberos libraries as part of Active
> Directory; why can we not link against those directly?