KfW 2.6 and NT Domains
Jeffrey Altman
jaltman2 at nyc.rr.com
Fri Jul 14 18:11:28 EDT 2006
Sensei wrote:
> Hi!
>
> I'm back on 2.6 for production machines, but now I'm working on some
> testing XP clients. These clients are joined to an NT domain (a Samba 3
> NT domain) with roaming profile. Samba username and password match the
> corresponding MIT principal.

NT4 domains do not use Kerberos and KFW 2.6.5 does not provide a
Network Provider DLL for use in obtaining Kerberos tickets at logon.
This feature was first introduced in KFW 3.0.

> I expected to have an integrated logon gaining the Kerberos ticket as if
> it were a local user, but unfortunately, Leash comes up asking for
> principal and password.
>
> Moreover, there's a weird behavior. The AFS integrated logon works like
> a charm gaining the token for a user without any password, both a local
> one and an NT domain user with a roaming profile. Still Leash doesn't
> show any ticket, but only the AFS token. Note that I'm not running
> kaserver, but a pure MIT KDC.
>
> Am I missing something really obvious?

The OpenAFS for Windows Integrated Logon stores the Kerberos ticket
in a cache named for the user principal. If the principal is

    joe@MY.COMPANY

then the cache is

    API:joe@MY.COMPANY

If you configure Leash to use that as the default ccache for the user
I am sure you will see the tickets.

Jeffrey Altman