> This works perfectly for all our Unix variants. But existing Windows
> clients could not authenticate unless I enable kerberos 4 support
> and diable preauthentication for all users.
Ka was never written for Windows. It had Kerberos v4 from the beginning.
> It feels like a step backwards on se
The Windows OpenAFS client does not support the rx based kaserver
protocol. It only supports the Kerberos v4 protocol which was also
supported by kaserver. For Kerberos v5 support, the users must install
a Kerberos v5 implementation. The only one supported at present is MIT
Kerberos for Windows.
I have recently migrated our old AFS cell from kaserver to Heimdal with
kaserver emulation. Yes, I know! This was probably the last cell to do
this.
Basically i did this:
* Make a copy of the kaservers database
* Import the database into Heimdal (using hprop | hpropd from the FAQ)
* Install