[OpenAFS] what is the state of the art client setup for openafs
+ krb5 + windows
Thu, 10 Apr 2014 19:03:46 +0000
Go to http://openafs.org/windows.html and follow the links for Heimdal.
Install the appropriate (32 vs 64-bit) version of Heimdal and Network Ident=
ity Manager v2 followed by the current OpenAFS release. Both of these are m=
si install files.
For my purposes, I need to add " allow_weak_crypto =3D true" to the [libdef=
aults] section of the krb5.conf file.
Configure identities in NIM.
My personal choice is to log into OpenAFS manually. Perhaps someone else ca=
n comment on integrated login.
From: firstname.lastname@example.org [mailto:email@example.com=
] On Behalf Of Gergely Risko
Sent: Thursday, April 10, 2014 4:35 AM
Subject: [OpenAFS] what is the state of the art client setup for openafs + =
krb5 + windows
In my cell, I use Heimdal + OpenAFS fileserver on linux.
I only enabled krb5, the only keytype for my afs principal is aes256-cts-hm=
ac-sha1-96. Everything works great on linux clients with the usual kinit f=
rom heimdal, they even get tokens automatically. For MIT clients I have to=
run an extra aklog, but that's OK. MacOS works too out of the box.
My question is about Windows: what is the currently recommeneded practice o=
n windows clients for this kind of KRB5 only installations? I managed to g=
et it working with some combination of MIT kerberos for windows and openafs=
1.7, but it involves the user calling kinit and aklog in the command line.=
This is ugly, because the user has to know, that the graphical password i=
nput window is useless and should be ignored.
So, what exact binaries do you guys download and use on Windows 7 to get gr=
aphical kerberos password prompt and openafs tokens?
OpenAFS-info mailing list