>> Integration with the Windows login system I believe is almost always >> done via AD. I think it's possible to not use AD if someone wrote a >> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not >> getting rid of its role), but as far as I know nobody does that. But if >> you just want to get tickets/tokens after the user has logged in, that >> is much more common and easier to do. > > You can do windows login with just Kerberos (no Samba/AD), at least in my > testing on XP and 2003. You'll need ksetup.exe from the tools package for > your OS. This link has a good bit of info: > http://www.wlug.org.nz/WinXP%2BKrb5%2BAFS > There's also an old AFSBPW presentation from UNCC with some (now dated) > material about integrating profiles and other things which was helpful in > understanding the process.
On a related note, we'd like to pass through authentication from AD to our MIT kerberos realm. There are various documents on the net that talk about this, and I'm told that it's done in various places (e.g., umich), but we have been so far unable to make it work. Does anyone know of instructions on how to make this work with win2008? We are doing a greenfield AD install. I suppose we might consider using samba instead if that makes the process easier. danno -- Dan Pritts, Sr. Systems Engineer Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
