Go to http://openafs.org/windows.html and follow the links for Heimdal.
Install the appropriate (32 vs 64-bit) version of Heimdal and Network Identity Manager v2 followed by the current OpenAFS release. Both of these are msi install files. For my purposes, I need to add " allow_weak_crypto = true" to the [libdefaults] section of the krb5.conf file. Configure identities in NIM. My personal choice is to log into OpenAFS manually. Perhaps someone else can comment on integrated login. -----Original Message----- From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Gergely Risko Sent: Thursday, April 10, 2014 4:35 AM To: openafs-info@openafs.org Subject: [OpenAFS] what is the state of the art client setup for openafs + krb5 + windows Hi, In my cell, I use Heimdal + OpenAFS fileserver on linux. I only enabled krb5, the only keytype for my afs principal is aes256-cts-hmac-sha1-96. Everything works great on linux clients with the usual kinit from heimdal, they even get tokens automatically. For MIT clients I have to run an extra aklog, but that's OK. MacOS works too out of the box. My question is about Windows: what is the currently recommeneded practice on windows clients for this kind of KRB5 only installations? I managed to get it working with some combination of MIT kerberos for windows and openafs 1.7, but it involves the user calling kinit and aklog in the command line. This is ugly, because the user has to know, that the graphical password input window is useless and should be ignored. So, what exact binaries do you guys download and use on Windows 7 to get graphical kerberos password prompt and openafs tokens? Thanks, Gergely _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
