Silvia Roedelsperger wrote:
Hi,
i've got a question.
Does anyone know a documentation or a howto on using Active Directory
(Windows 2008 Server) as the KDC in an OpenAFS installation?
John Spoko Jr wrote this up:
http://www.openafs.org/pipermail/openafs-info/2007-January/025039.html
The case 1 looks good.
You may also want the AD admin to set the userAccountControl flag
0x2000000 in the afs account so the MS PAC will be not be sent in the ticket.
The PAC can be large 12K, and since AFS does not use it, it can reduce
the size of tickets/tokens from 13K to about 400 bytes.
See:
http://support.microsoft.com/kb/832572
Our test environment for the OpenAFS server ist running on a Debian Etch
machine.
I just found this old thread from 2004:
http://www.openafs.org/pipermail/openafs-info/2004-June/013771.html
Unfortunately, this thread doesn't helped me very much.
To have two Kerberos-servers (on the one hand the Windows 2008 Server,
on the other Hand a MIT-Kerberos Server at the Debian machine) with the
same user-accounts doesn't make very much sense to me.
Same realm names? Or not?
Thanks in advance! :-)
Greetings, Silvia
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
