-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Now I´m on my way to switch from MIT krb5 server to Win 2003 AD krb5 server to use only ONE auth in my cell :-) In that way I´ve got some questions. 1. is it possible, to use both server and use both to obtain tickets/tokens in the time of changing? Is there a problem with kvno? Or just set the Win Key one number higher than MIT key? 2. creating user in AD is clear to me, do I need to map them via the setspn version? 3. How to create host-entries? Just add a "Computer" to the AD? Some special Options to take care of? 4. I created a afs user in the AD as a normal user with the login afs, set user cannot change passwd, passwd never expires. Afterward I setspn afs/cgv.tugraz.at to afs. Was this correct? Any other options to check? 5. I installed the Win 2003 SP2 and tools for SP2, so no need to worry about ktpass? 6. After ktpass export the afs key and import it into afs servers, I can change the clients to auth against Win 2003 AD. Is it enough just to change the IP in the krb5.conf file? Thanks for the help so far. I just want to be sure that it works the way I think it should. MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZtCsmWhuE0qbFyMRApoJAJ9/0fd7OAmj07X7LQnW3Pt6V+/DogCfdMA9 ujOz7snBebs254iO6pgRKUM= =qIcE -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
