I have been following this thread. I also want to test our Windows AD for
authentication. I have tested a krb5 server on linux and am familiar with
generating a keytab/KeyFile for the afs/cell.name service principal using
kadmin and asetkey. I got a bit confused with your Windows AD procedure.
John:
unless you plan to get rid of the MIT realm and move all of your
principals to active directory, you are going to have to rename
one of the Kerberos realms.
In my family there are two first cousins named Jeffrey who were
born two weeks apart. Our Mothers both loved the name and refused
to
Jeffrey Altman wrote:
John:
unless you plan to get rid of the MIT realm and move all of your
principals to active directory, you are going to have to rename
one of the Kerberos realms.
I should have been more clear. I am only running a TEST
krb5 1.4.4 server under linux. I am still running
John W. Sopko Jr. wrote:
I should have been more clear. I am only running a TEST
krb5 1.4.4 server under linux. I am still running kaserver.
Like lots of folks looking to migrate to K5, have been for
years.
oh, much relief felt by all :-)
I would prefer to keep the dns/realm/afs.cell names
Yes I will try your instructions, I am not in control
of our Windows servers and they are running W2K. I do
have access to a test W2003 AD server.
* Use a working (non-2003 SP1) version of ktpass to export the key
The 2003 SP1 Support Tools version is 5.2.3790.1830. Do not use it.
So
Announcing version 1.0 of the AFS Tokens gui for Macintosh.
Available from https://forge.cornell.edu/sf/projects/afs_tokens - click on File
Releases
The released binary is a Universal Binary compiled under Tiger.
Changes:
*Added a preferences dialog for choosing between kaserver/kerberos 5