bbense+comp.protocols.kerberos.Jun.10.02 at telemark.stanford.edu
Mon Jun 10 17:39:53 EDT 2002
In article <3D0515B9.8050003 at cs.umd.edu>,
Derek Yarnell <derek at cs.umd.edu> wrote:
>> - The long and short of it, is that if you want to support W2k
>> services, you HAVE to run a W2k Active Directory server. You don't
>> have to keep user passwords in it, but you have to run it.
>So wait you are saying there is a way to pass through the krb5 auth to
>a MIT kdc? How can I do this, while running W2K Active Directory for
>things like exchange... etc..
- I can't give much more than a brief outline. I suggest you
look into the highered W2K email list archives for more precise
Basically, you set up a cross-realm trust between the AD and the
MIT KDC. You then create dummy W2K accounts for each user
and set things up so that foo@MITKDC.EDU can "log in" to
the AD realm under the foo@ADKDC.EDU realm.
- The drawback of this approach is that many Windows apps
want to use NTLMv2, which is not supported in this configuration.
- Booker C. Bense
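
The outline in the message above, written out as an added example that is not part of the original post. The realm names are the ones used in the message; the KDC host name `kdc.mitkdc.edu`, the account name `foo`, and the use of the ActiveDirectory PowerShell module (which is newer than W2K) are assumptions.

```powershell
# Added example, not from the original post. Run steps 2-4 on an AD domain
# controller as a domain administrator.

# Step 1 (on the MIT KDC, inside kadmin, not PowerShell): create the
# cross-realm principal that lets MITKDC.EDU issue referral tickets for
# services in ADKDC.EDU. Its password must match the trust password below.
#   addprinc krbtgt/ADKDC.EDU@MITKDC.EDU

# The trust password is the long-term key shared by the two realms.
# Generate it randomly and do not leave it in shell history or scripts.
$trustPw = Read-Host 'Trust password (same as the krbtgt/ADKDC.EDU principal)'

# Step 2: tell Windows where to find a KDC for the MIT realm.
# kdc.mitkdc.edu is a placeholder host name. Repeat this on workstations
# where MIT principals will log on.
ksetup /addkdc MITKDC.EDU kdc.mitkdc.edu

# Step 3: create the realm trust. The positional argument is the trusting
# AD domain, /d: is the trusted non-Windows Kerberos realm.
netdom trust ADKDC.EDU /d:MITKDC.EDU /add /realm "/passwordt:$trustPw"
Remove-Variable trustPw

# Step 4: map the MIT principal onto the dummy AD account of the same name.
# 'foo' must already exist in AD; its own AD password is never used for the
# Kerberos logon, so set it to a long random value.
Import-Module ActiveDirectory
Set-ADUser -Identity foo -Add @{ altSecurityIdentities = 'Kerberos:foo@MITKDC.EDU' }

# Check: list every account that carries a Kerberos name mapping, so that
# each MIT principal maps to exactly one AD account.
Get-ADUser -LDAPFilter '(altSecurityIdentities=Kerberos:*)' -Properties altSecurityIdentities |
    Select-Object SamAccountName, altSecurityIdentities
```

A mapped MIT principal receives every right of the AD account it maps to, so the audit query at the end is worth running whenever mappings change.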