On Wednesday, June 22, 2005 07:06:42 AM -0400 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
Ming Hou wrote:
Hi,
I would like to have fakeka to work with Windows 2000 AD, and I think
that fakeka is going to run on my AFS database server. Are there some
successful cases to make it works? If yes, how should I do to set it up?
Thank you.
ming
fakeka provides a Kerberos 4 service. Active Directory does not
support Kerberos 4. You would have to write one that had access to
the user's password and the key associated with the afs service.
Actually, fakeka provides the kaserver service, not Kerberos 4. It
provides support for the kaserver authentication service (the equivalent of
the Kerberos AS and TGS), and to do so it needs access to the contents of
the Kerberos database, which means it must run on the KDC (not the AFS
database servers), and the KDC must use a database format it understands.
The support (or lack thereof) of Kerberos 4 in the Windows AD is not at
issue here; the database format is. The current fakeka code understands
only the MIT Kerberos database format (in fact, it doesn't even understand
that -- it uses an internal Kerberos database API). The AD database format
is undocumented, not a public interface, and subject to change between
versions. Writing software which accessed it directly would be quite
difficult.
Exactly what functionality do you require that you think fakeka will help
you with? Perhaps we can help you find another way to get what you need.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
