Win logon to a MIT Kerberos V KDC?
turbo at bayour.com
Thu Sep 26 01:26:54 EDT 2002
Quoting "Paul B. Hill" <pbh at MIT.EDU>:
> For which version of Windows?
Preferably all of them. But at the moment I'm working on 2k and XP.
But I also have a 98 that I would like to connect to this...
> Please read their whitepapers for the information.
I skimmed through them (if you're refering to the 'W2k Kerberos Auth'
and 'W2k Kerberos Interoperability'), but one of them didn't give much
'hands-on' on how to get it to work and the other only dealt with
the other way around (ie, non-win to win).
Quoting Luke Howard <lukeh at PADL.COM>:
> If you are using Windows 2000, you can use ksetup to configure
> authentication against a non-Windows KDC, with the proviso that
> users must have existing local or Active Directory accounts.
I guess this is also valid for XP etc... ?
Any GOOD HOWTO's on this? The M$ ones didn't "do it for me" so to speak :)
> In any case, a GINA is not the correct place to hook in support for
> additional authentication providers; it only deals with interactive,
> not network, authentication. Existing GINAs that create temporary
> local accounts for users at logon are a kludge at best.
I see. I had a look at the NISGINA a year or so back (never got it
working though) and I 'expected' that there would be a 'KRBGINA'
for this to work...
More information about the Kerberos