interoperability Win2k/Linux

bbense+comp.protocols.kerberos.Jun.10.02@telemark.stanford.edu
Mon Jun 10 17:39:53 EDT 2002


In article <3D0515B9.8050003 at cs.umd.edu>,
Derek Yarnell  <derek at cs.umd.edu> wrote:
>> 
>> - The long and short of it, is that if you want to support W2k
>> services, you HAVE to run a W2k Active Directory server. You don't
>> have to keep user passwords in it, but you have to run it.
>> 
>
>So wait you are saying there is a way to pass through the krb5 auth to
>a MIT kdc? How can I do this, while running W2K Active Directory for
>things like exchange... etc..
>

- I can't give much more than a brief outline. I suggest you
look into the highered W2K email list archives for more precise
detail.

Basically, you set up a cross-realm trust between the AD and the
MIT KDC. You then create dummy W2K accounts for each user
and set things up so that foo@MITKDC.EDU can "log in" to
the AD realm under the foo@ADKDC.EDU realm.

- The drawback of this approach is that many Windows apps
want to use NTLMv2, which is not supported in this configuration.

- Booker C. Bense
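
Added example, not part of the original post: a sketch of the per-user mapping step described above, generating LDIF that adds a Kerberos name mapping (the Active Directory `altSecurityIdentities` attribute) to each dummy account. The base DN, the `mapping_ldif` helper and the assumption that each dummy account's CN equals the MIT user name are hypothetical; the realm name is the post's placeholder.

```python
import re

# Placeholder realm from the post; the container DN is an assumption.
MIT_REALM = "MITKDC.EDU"
AD_BASE_DN = "CN=Users,DC=adkdc,DC=edu"

# Only plain user principals (no "/instance") are eligible for mapping.
_PRINC = re.compile(r"^([A-Za-z0-9._-]+)@([^@/\s]+)$")


def mapping_ldif(principals, realm=MIT_REALM, base_dn=AD_BASE_DN):
    """Return (ldif_text, skipped) for MIT principals mapped to dummy AD accounts.

    skipped is a list of (principal, reason) pairs that need manual review.
    """
    entries, skipped, seen = [], [], set()
    for raw in principals:
        princ = raw.strip()
        m = _PRINC.match(princ)
        if not m:
            # e.g. foo/admin: privileged instances must not map onto AD users
            skipped.append((princ, "not a simple user principal"))
            continue
        user, prealm = m.groups()
        if prealm != realm:
            # Kerberos realm names are case-sensitive
            skipped.append((princ, "realm mismatch"))
            continue
        if user.lower() in seen:
            # AD account names are case-insensitive, MIT principals are not
            skipped.append((princ, "collides with an earlier account name"))
            continue
        seen.add(user.lower())
        entries.append(
            f"dn: CN={user},{base_dn}\n"
            "changetype: modify\n"
            "add: altSecurityIdentities\n"
            f"altSecurityIdentities: Kerberos:{user}@{realm}\n"
            "-\n"
        )
    return "\n".join(entries), skipped


if __name__ == "__main__":
    # Constructed sample input
    sample = ["foo@MITKDC.EDU", "foo/admin@MITKDC.EDU",
              "bar@mitkdc.edu", "Foo@MITKDC.EDU"]
    ldif, skipped = mapping_ldif(sample)
    print(ldif)
    for princ, reason in skipped:
        print(f"# skipped {princ}: {reason}")
```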

