On 6/2/2012 9:07 AM, Simon Wilkinson wrote:
> On 2 Jun 2012, at 01:47, Jayen Ashar wrote:
>
>> Would setting up our own realm for the AFS server work? Could all
>> users be authenticated cross-realm? (We are not concerned with
>> cross-realm attacks at the moment.) Would any changes be needed to
>> the users' KDCs?
>
> Yes. This should work, provided you can set up a cross realm trust between
> the active directory realm, and the one in which your AFS service lives. The
> only change necessary to the user's KDCs would be to enable this cross realm
> trust.

When you create the new realm be sure to also create a new DNS subdomain. The cross realm from Windows to the MIT/Heimdal realm will not work properly if the AFS database servers have names which are in the DNS domain which is served by the Active Directory domain.

Jeffrey Altman
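Added example, not part of the original message and not OpenAFS project code: a pre-deployment check that reads the database server names for a cell from CellServDB-style text and reports any that fall inside the Active Directory DNS domain, which is the condition the reply above warns about. The cell name, host names, addresses and AD domain are constructed, and treating "in the DNS domain" as a label-wise suffix match is an assumption.

```python
def parse_cellservdb(text):
    """Return {cell_name: [db_server_hostname, ...]} from CellServDB-style text."""
    cells, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(">"):
            # Cell header line: ">cellname   #description"
            current = line[1:].split("#", 1)[0].strip().lower()
            cells[current] = []
        elif current is not None and "#" in line:
            # Server line: "address   #hostname"
            host = line.split("#", 1)[1].strip()
            if host:
                cells[current].append(host)
    return cells


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return [part for part in name.strip().lower().rstrip(".").split(".") if part]


def in_dns_domain(host, domain):
    """True if host is the domain itself or a name beneath it (label-wise)."""
    h, d = labels(host), labels(domain)
    return bool(d) and len(h) >= len(d) and h[-len(d):] == d


def conflicting_servers(cellservdb_text, cell, ad_dns_domain):
    """Database servers of `cell` whose names lie inside the AD DNS domain."""
    servers = parse_cellservdb(cellservdb_text).get(cell.lower(), [])
    return [s for s in servers if in_dns_domain(s, ad_dns_domain)]


# Constructed sample: one server in its own subdomain, one inside the AD
# domain, and one whose name only looks similar as a plain string suffix.
SAMPLE = """\
>afs.example.edu        #Constructed cell
192.0.2.11              #afsdb1.afs.example.edu
192.0.2.12              #afsdb2.ad.example.edu
192.0.2.13              #afsdb3.notad.example.edu
"""

if __name__ == "__main__":
    for name in conflicting_servers(SAMPLE, "afs.example.edu", "ad.example.edu"):
        print("rename before enabling the trust:", name)
```
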
