w2k client login to kerberos realm

Brian Thompson brianpm at ghidra.eng.wayne.edu
Mon Nov 11 22:33:04 EST 2002


hartmans at mit.edu (Sam Hartman) wrote in message news:<tslbs4vyem8.fsf at konishi-polis.mit.edu>...
> >>>>> "Tony" == Tony Hoyle <tmh at nodomain.org> writes:
> 
>     Tony> In any case it would be the KDC that would have to pass the
>     Tony> AD authentication information - maybe he was referring to
>     Tony> the patched heimdal he did for samba?
> 
> 
> No, it is simply required that the host service ticket obtained to
> verify the user include the AD information.  Provided that the
> machine's account is with an AD KDC everything can be made to work.
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos

Sam, it sounds like you already have working
exactly what I'm trying to get working. Can
you cut/paste/annotate an output of your 
workstation ksetup?

I'm not clear on whether the client machines
need mapping enabled or not and whether to point
them at the Heimdal KDC machine or the AD machine 
for access to the Heimdal KDC realm.

Thanks for any info!

-Brian



More information about the Kerberos mailing list