Native Win2K Krb Authentication + Client apps
Sam Hartman
hartmans at MIT.EDU
Fri May 3 10:55:26 EDT 2002
>>>>> "Joshua" == Joshua Ginsberg <joshg at myrealbox.com> writes:
Joshua> I know Windows 2000 Professional defaults to
Joshua> authenticating against Kerberos rather than NTLM. Logging
Joshua> into Win2K obtains the user's Kerberos credentials.
Joshua> Can these credentials be used by client applications that
Joshua> weren't necessarily built against Microsoft's Kerberos
Joshua> implementation? For example, if a user logs in on Windows
Joshua> 2000 and attempts to use the KLP package provided by MIT
Joshua> for kerberized print services, will KLP recognize and use
Joshua> the credentials that Win2K obtained?
Not by default (although I'd like to see this change). However,
Kerberos for Windows does include a program called ms2mit that can be
run in a login script and will convert these credentials into Kerberos
version 5 credentials that KFW can use. Once this program is run
applications linked against the MIT libraries will use the
credentials. Running ms2mit does not require the user to type their
password again.
More information about the Kerberos
mailing list