[OpenAFS] Migrating Kerberos/LDAP to Samba DC

Benjamin Kaduk kaduk@MIT.EDU
Thu, 12 Nov 2015 22:26:43 -0500 (EST)

On Thu, 12 Nov 2015, Dirk Heinrichs wrote:

> Hi,
> I'd need to add some Windows Professional clients to my otherwise Linux
> only setup. So I thought about replacing Kerberos/LDAP with a Samba DC.
> On the Windows clients, would I still need to install a 3rd-party
> Kerberos package to access AFS, or is Windows' own implementation
> sufficient?

Although in theory one might be able to write a logon provider that can
obtain a token without an external kerberos implementation, the current
OpenAFS code appears to require a third-party kerberos installation for
that functionality.[*]  (It's possible that I'm misreading the code,


[*] Okay, not if you're using kaserver.  But I try to pretend that
kaserver doesn't exist.