Windows 2000 Server as KDC
John Rudd
jrudd at ucsc.edu
Tue Jul 22 11:25:13 EDT 2003
On Tuesday, Jul 22, 2003, at 07:52 US/Pacific, Ken Hornstein wrote:
>
>>> an easier solution would be to setup a windows realm for Win2k KDC
>>> and a cross re
>> alm trust with a linux box in a different realm.
>>>
>>
>> We were doing this (with Solaris, not Linux), but when the bug and fix
>> for the cross-realm security hole came out a few months ago, that
>> caused
>> it all to break (we need krb4 cross-realm auth because AFS is in the
>> picture). So, we're basically running an older un-patched krb524d in
>> order to keep things working ... but that doesn't make me comfortable
>> in
>> the long run, so I'm looking for other solutions.
>
> So why haven't you switched to a V5 solution for AFS? Lots of people
> have done this, and it works just fine, even with cross-realm. This
> is assuming you're running a new enough version of OpenAFS, of course.
>
We're not running OpenAFS. Still Transarc AFS.
I hadn't heard that there's a pure krb5 solution for AFS, though ...
even with OpenAFS.
John
More information about the Kerberos
mailing list