John W. Sopko Jr. wrote: > I should have been more clear. I am only running a TEST > krb5 1.4.4 server under linux. I am still running kaserver. > Like lots of folks looking to migrate to K5, have been for > years.
oh, much relief felt by all :-) > I would prefer to keep the dns/realm/afs.cell names all the same. > The only way to do this is to run one kerberos 5 server. The > linux krb5_pam module seems to work fine for authenticating > to k5 and getting afs tokens. Aklog works great also. Have tested > linux krb5_pam and apache authentication to Windows AD. > > We run 3 active directory servers, currently Windows 2000 > to be upgraded to 2003 very soon. We have a Windows group that > manages these machines. > > I am trying to piece things together like Eric. > What we need is clear steps on how to create the Windows > AD afs/cell.name user and the proper way to export the > afs/cell.name key. Would be nice to have this for both > W2K and W2003. The linux "asetkey" man page is real clear > on how to do this in linux, (thanks Russ). The instructions I provided should work for you. If they don't, scream. > I plan on trying to attend the AFS & Kerberos > Best Practices Workshop 2007. I am sure over the next few > months things will get more clear on this. There is a talk from last years workshop by Derrick on this very topic. Jeffrey Altman _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info