[OpenAFS-win32-devel] Kerberos 5 + AD + OpenAFS

Jeffrey Altman OpenAFS <OpenAFS-info@openafs.org>
Mon, 24 Dec 2012 09:24:33 -0500


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig102B92E44B2CB93544C3B63B
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

To use Active Directory as a Kerberos realm for OpenAFS please read the
OpenAFS wiki.

  http://wiki.openafs.org/win2008r2adaskdc/

I have set the reply-to on this message to openafs-info@openafs.org.
You must join the mailing list before you post to it.

  http://lists.openafs.org/mailman/listinfo/openafs-info

As with any Kerberos based solution, users must authenticate.  A domain
user will obtain a Kerberos ticket as part of the Windows logon process.
They must also obtain an AFS token using integrated logon, aklog
(command line), or an AFS aware credentials manager such as Network
Identity Manager.

As Mickey mentioned, the openafs-win32-devel mailing list is intended
for discussions regarding windows specific development.

Jeffrey Altman



On 12/24/2012 3:22 AM, =E6=9D=AD=E5=8F=8B=E6=98=A5 wrote:
> Dear all=EF=BC=9A
> I need to make a solution that includes Kerberos,AD and OpenAFS.
> I installed the AD Domain Control on the windows 2008r2,and I installed=

> the Identity Management for UNIX role in the domain controller.I fond
> the 2008r2 had the KDC,so I'd like to use the DC as the kerberos 5
> server.I hope all the domain user can use the OpenAFS without
> authentication.
> How to make the OpenAFS a service principal?
> Is it must to jion the OpenAFS server to the Domain?And how?
> Is there any successful solution offered in the internet?
> I hope someone could give me some documents.
> Thanks very much.



--------------enig102B92E44B2CB93544C3B63B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEbBAEBAgAGBQJQ2GWjAAoJENxm1CNJffh4iSYH91XGB0v5RZ7KRAb4pqw/RUJd
W+l5IqATzhVFgPhSuvZUTGwWMRVROjidxg7P/udSWTeqMV7YHlJXOy6u0P8mIPZe
5P5/z327l/JMV0fFs0sddCQkya/Debx5UilLRQNiOABBQwM/pdZpUxCzhOVMWPq9
fBrfXnLBdsirZCVstK5V2UnPIiwqrBMun2pab5zUWRNBTzNt2OQskieETMSiOCDi
1CPUKHXxFPgqpdWwOhmFPpGSCoahFTW0yqgZXEQx+jrcxtUbEFP8mtj2XUe4s9rS
esOE9KTIYZXgqXqCm/+KRVsJ06jPjgGrYTr3LWLkBgtZP8Mfw/r+LGDR9qdaKA==
=dM0+
-----END PGP SIGNATURE-----

--------------enig102B92E44B2CB93544C3B63B--