Kerberos

From Netatalk Wiki
(Difference between revisions)
Jump to: navigation, search
Line 19: Line 19:
 
* Enable the GSS UAM (add uams_gss.so to 'uam list' in afp.conf -- must be compiled of course)
 
* Enable the GSS UAM (add uams_gss.so to 'uam list' in afp.conf -- must be compiled of course)
  
[Category:Howtos]]
+
[[Category:Howtos]]

Revision as of 10:42, 3 February 2014

Enabling SSO with Active Directory

Below are the basic steps needed for SSO with Active Directory.

Using ktpass on Windows

First you must generate a Kerberos service principal for the Netatalk AFP server in AD. This is done with the CLI tool "ktpass" on Windows. The basic syntax is:

ktpass -princ afpserver/fqdn@REALM -mapuser mapuser@domain +rndPass -out afpserver.keytab

Full example:

ktpass -princ afpserver/oi.ad.netafp.com@AD.NETAFP.COM -mapuser ktpassuser@ad.netafp.com +rndPass -out afpserver.keytab

Configure Netatalk

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox