Native Win2K Krb Authentication + Client apps
dalmeida
dalmeida at MIT.EDU
Fri May 3 15:42:49 EDT 2002
In addition, since KLP is krb4-only, so you would have to run k524init
(provided in KfW) to get v4 creds (assuming you have the 524 service
running).
- Danilo
-----Original Message-----
From: kerberos-admin at MIT.EDU [mailto:kerberos-admin at MIT.EDU] On Behalf
Of Sam Hartman
Sent: Friday, May 03, 2002 7:55 AM
To: Joshua Ginsberg
Cc: kerberos at mit.edu
Subject: Re: Native Win2K Krb Authentication + Client apps
>>>>> "Joshua" == Joshua Ginsberg <joshg at myrealbox.com> writes:
Joshua> I know Windows 2000 Professional defaults to
Joshua> authenticating against Kerberos rather than NTLM. Logging
Joshua> into Win2K obtains the user's Kerberos credentials.
Joshua> Can these credentials be used by client applications that
Joshua> weren't necessarily built against Microsoft's Kerberos
Joshua> implementation? For example, if a user logs in on Windows
Joshua> 2000 and attempts to use the KLP package provided by MIT
Joshua> for kerberized print services, will KLP recognize and use
Joshua> the credentials that Win2K obtained?
Not by default (although I'd like to see this change). However,
Kerberos for Windows does include a program called ms2mit that can be
run in a login script and will convert these credentials into Kerberos
version 5 credentials that KFW can use. Once this program is run
applications linked against the MIT libraries will use the
credentials. Running ms2mit does not require the user to type their
password again.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list