Prasun Gupta wrote:
We would like to not have any windows user account or an active directory account. The only places account information would be kept is in Kerberos and the openafs servers.
This is going to be a problem because OpenAFS only keeps a mapping from the Kerberos principal name to a cell specific AFS ID that is used for the construction of group memberships and access control lists. A Kerberos server only stores principal names for clients and servers and the associated keys. The "account" information that you require are things like: * Windows account GUID for the user * Home directory location * Profile location * Windows Group memberships and that information needs to be kept someplace.
smime.p7s
Description: S/MIME Cryptographic Signature
