* Andrew Deason [2011-01-27 09:53:47 -0600]:
> On Thu, 27 Jan 2011 15:15:02 +0100 (CET)
> Harald Barth <h...@kth.se> wrote:
>
> > > No Windows AD/KDC planned, but Windows clients integration with
> > > standard KDC and possibly OpenAFS will be important.
> >
> > Good luck with not needing an AD, but I think both Heimdal and MIT can
> > be cross realmed with an AD when you need it.
>
> To be clear, Meie, do you want to use Heimdal/MIT Kerberos for
> authentication for logging in to Windows, or do you just want tickets
> after you have logged in?
>
> Integration with the Windows login system I believe is almost always
> done via AD. I think it's possible to not use AD if someone wrote a
> Kerberos pGina plugin (or maybe Samba, but that's just replacing AD, not
> getting rid of its role), but as far as I know nobody does that.

Polyphemus' famous word :-)

I do have a handful (too few to bother with an AD) of Windows boxes that
authenticate against a Heimdal KDC. I did *not* need to replace MSGINA.
Microsoft provides a set of Support Tools (on the Windows installation
media, and as a download) that includes a command-line utility known as
ksetup. Microsoft has also published instructions on how to use it, and
they work for me. At least under Windows 2000 and XP; I haven't had to
apply this treatment to a more recent Windows release yet.

> But if
> you just want to get tickets/tokens after the user has logged in, that
> is much more common and easier to do.
>
> --
> Andrew Deason
> adea...@sinenomine.net