We are using an NT4 domain setup for some time now. We would like to have access to a kerberos authenticated filesystem (AFS) without prompting the user for an additional password. In our setup we have synchronized passwords between PDC and Kerberos. Thus the required TGT obtaining procedure can reuse the initially entered password.
Which software (AFSLogonShell, MIT package ...) will make this possible? Using an Active-Directory Controller is not an option for now. Do we have to code something GINA/LSA related for ourselves? Has anybody tried something similar? Appreciating any input...
PS: W2K and WXP client machines
You might do better to ask your question on the [EMAIL PROTECTED] or [EMAIL PROTECTED] mailing lists, where there are likely people who understand what AFS supports on which Windows versions.
I know that at one time, the Windows version of the AFS client software included an option to automatically try getting AFS tokens using the same password that was used to log in to the machine. This of course requires setting Windows and Kerberos passwords the same, but it doesn't sound like that's a problem for you. It also requires that your Windows client machines be configured to believe that your KDC's are AFS database servers.
I haven't looked in a while, so I don't know if the feature is still there with W2K and WXP versions of the AFS client. You might ask on openafs-info.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
