File serving through Kerberos authentication
In my network, I have a KDC server running Windows Server 2003 (gamma), a Linux file server (delta), and a Linux client (epsilon) that can successfully retrieve a KRB5 ticket from gamma. At the moment, I'm wondering what file system I should use for the shares on delta. I'm looking primarily at OpenAFS and NFSv4, unless someone can suggest a better solution.
Ideally, when epsilon wants to mount one of delta's shares, it needs to authenticate with gamma first. What should happen is that epsilon's forwardable ticket should be sent to delta, which then checks against gamma. If gamma approves the ticket for the share, delta continues and lets epsilon mount it.
Is what I want to do even possible? If at all possible, I would like to avoid using a keytab, as I've encountered many problems creating it with matching knvo's. Thanks for any help.