As long as you are using a recent version of OpenAFS for your clients and servers, 1.4 RC2 is current, then you can utilize Active Directory as the realm associated with the cell.
You need to add a service principal of "afs/[EMAIL PROTECTED]" to AD and set the account to "use DES only". Export the key to a keytab file with "ktpass" and then import it into AFS using "asetkey" from Ken Hornstein's krb5 migration kit. (Sorry but we don't yet have asetkey in the OpenAFS 1.4 distribution.) You will also need to configure the cell to use "REALM" as its realm name if the cellname and realm name differ by more than case. AFS has a krb.conf file that the realm name must be stored in. Jeffrey Altman [EMAIL PROTECTED] wrote: > Hello, > > I have successfully setup an AFS test environment under Linux using the > integrated kaserver. The local infrastructure consists of about 100 clients > running both windows and linux. Until now the linux clients authenticate > themselves against the Windows Active Directory while using nfs as network > filesystem. > > I plan to use AFS for all the linux clients in the future but as I don't want > to keep double user data on the network it is desirable to make AFS > authenticating through Active Directory. > > I've already read about the possibility of using an external kerberos5 dc for > authentication of AFS. But even about that topic I could only find few > information on the net. > > I appreciate any additional information about the possibility of doing this > and possible approaches. > > Thanks in advance, > > Matthias > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info
begin:vcard fn:Jeffrey Altman n:Altman;Jeffrey org:Secure Endpoints Inc. adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States email;internet:[EMAIL PROTECTED] title:President tel;work:+1 212 769-9018 x-mozilla-html:TRUE url:http://www.secure-endpoints.com version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
