Authentication to ADS

Wyllys Ingersoll wyllys.ingersoll at sun.com
Mon Jun 24 17:08:33 EDT 2002


Kurt A Bolko wrote:
 > Hello,
 >
 > I was wondering if anyone had successfully authenticated a kerberos client
 > on linux/solaris/sgi to a windows ADS server?  If so what information did
 > you require from the ADS configuration to properly configure the linux
 > client?
 >
 > What I'm attempting to do is to authenticate a client through pam to an
 > ADS server.  This is an attempt to create a single login for all users on
 > our network, thus eliminating our linux ldap server.
 >
 > Thanks,
 >

I'm assuming ADS = Active Directory Server... if not, disregard
everything below this line :)

There should be no problem authenticating Unix users to an AD
KDC, just configure your krb5.conf files on the Unix systems to use
the correct realm and server and it *should* work.

UNLESS, your users in the Active Directory server are in a lot of
"groups" in the AD Domain, then you will have problems because
AD will try to send responses to your client over TCP, but MIT-based
Kerberos clients don't (yet) support TCP responses.

This brings up a question I've been wondering - when is MIT going
to include TCP support, at least on the client side, so that they can
receive and process TCP responses from AD ?

-Wyllys




