[OpenAFS] what is the state of the art client setup for openafs + krb5 + windows

Gergely Risko gergely@risko.hu
Thu, 10 Apr 2014 10:34:45 +0200


Hi,

In my cell, I use Heimdal + OpenAFS fileserver on linux.

I only enabled krb5, the only keytype for my afs principal is
aes256-cts-hmac-sha1-96.  Everything works great on linux clients with
the usual kinit from heimdal, they even get tokens automatically.  For
MIT clients I have to run an extra aklog, but that's OK.  MacOS works
too out of the box.

My question is about Windows: what is the currently recommeneded
practice on windows clients for this kind of KRB5 only installations?  I
managed to get it working with some combination of MIT kerberos for
windows and openafs 1.7, but it involves the user calling kinit and
aklog in the command line.  This is ugly, because the user has to know,
that the graphical password input window is useless and should be ignored.

So, what exact binaries do you guys download and use on Windows 7 to get
graphical kerberos password prompt and openafs tokens?

Thanks,
Gergely