[OpenAFS] Re: Heimdal & OpenAFS 1.7.4: Difficult user experience

John Tang Boyland boyland@uwm.edu
Fri, 27 Jan 2012 11:22:44 -0600


As a followup to my last post, I attach a proposed change
the Kerberos section of the Windows installation web page:

Content-Type: text/html
Content-Disposition: inline; filename=openafs-kerberos.html

<h2><a name=kfw>Kerberos (MIT or Heimdal)</a></h2>
<p>OpenAFS for Windows depends on
a third party Kerberos 5 implementation for network authentication.&nbsp; There 
are two supported options:</p>
<li><a target="_self" href="http://web.mit.edu/kerberos/dist/index.html">MIT
Kerberos for Windows</a>
(64-bit releases of KFW are available from
<a href="http://www.secure-endpoints.com/index.html#kfw">Secure Endpoints Inc.</a>)
	<li><a href="https://www.secure-endpoints.com/heimdal/">Heimdal Kerberos</a>
NB: Currently, if you use Heimdal Kerberos with OpenAFS, you must add
<tt>allow_weak_crypto = true</tt>
to the <tt>[libdefaults]</tt> section of <tt>krb5.conf</tt>
in <tt>C:\ProgramData\Kerberos</tt>.
The recommended version of Kerberos v5 for <a href="#release">OpenAFS for Windows 1.6.0b</a> is 
MIT version 
The recommended 
version of Kerberos v5 for <a href="#features-release">OpenAFS for Windows 1.7.4</a>
is Heimdal.<p>MIT 3.2.2 ships
with Network Identity Manager version 1.3.1. Network Identity Manager version 
2.0 is recommended for use with OpenAFS.&nbsp; <a href="https://www.secure-endpoints.com/netidmgr/v2/index.html">Secure Endpoints provides version 2.0 as a free