Kerberos

From Netatalk Wiki
Revision as of 10:45, 3 February 2014 by Franklahm (Talk | contribs)
Jump to: navigation, search

Enabling SSO with Active Directory

Below are the basic steps needed for SSO with Active Directory.

Using ktpass on Windows

First you must generate a Kerberos service principal for the Netatalk AFP server in AD. This is done with the CLI tool "ktpass" on Windows. The basic syntax is:

ktpass -princ afpserver/fqdn@REALM -mapuser mapuser@domain +rndPass -out afpserver.keytab

Full example:

ktpass -princ afpserver/oi.ad.netafp.com@AD.NETAFP.COM -mapuser ktpassuser@ad.netafp.com +rndPass -out afpserver.keytab

Configure Netatalk

Example:

[Global]
...
k5 keytab = /etc/krb5/afp.keytab
uam list = uams_dhx2.so uams_guest.so uams_gss.so
Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox