[OpenAFS] Migrating Kerberos/LDAP to Samba DC
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 12 Nov 2015 22:26:43 -0500 (EST)
On Thu, 12 Nov 2015, Dirk Heinrichs wrote:
> Hi,
>
> I'd need to add some Windows Professional clients to my otherwise Linux
> only setup. So I thought about replacing Kerberos/LDAP with a Samba DC.
> On the Windows clients, would I still need to install a 3rd-party
> Kerberos package to access AFS, or is Windows' own implementation
> sufficient?
Although in theory one might be able to write a logon provider that can
obtain a token without an external kerberos implementation, the current
OpenAFS code appears to require a third-party kerberos installation for
that functionality.[*] (It's possible that I'm misreading the code,
though.)
-Ben
[*] Okay, not if you're using kaserver. But I try to pretend that
kaserver doesn't exist.