interoperability Win2k/Linux

David Lawler Christiansen (NT) davidchr at
Mon Jun 10 17:56:35 EDT 2002

> > Linux client --> MIT kdc --> win2k service
> > win2k client --> MIT kdc --> win2k service
> - Only if the w2k service doesn't use embedded authority
> data in the kerberos ticket. I.e. only if you write the 
> service yourself.

Untrue.  Local authorization can still be performed in the absence of a
Windows KDC using local mappings that can be created using KSETUP.  You
don't HAVE to have an intervening Win2K Domain, but it is significantly
easier to do so.

This message or posting is provided "AS IS" with no warranties, and
confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer.
I reside in Washington, USA, where Title 19 declares that sending me
Unsolicited Commercial Email can result in a $500 fine.
Harvesting of this address for purposes of bulk email (spam and UCE) is
expressly prohibited unless by my explicit prior request.  I retaliate
viciously against spammers and spam sites.

> -----Original Message-----
> From: Booker C. Bense [mailto:bbense at] 
> Sent: Thursday, June 06, 2002 11:46 AM
> To: francis
> Cc: kerberos at
> Subject: Re: interoperability Win2k/Linux

More information about the Kerberos mailing list