Win logon to a MIT Kerberos V KDC?

Turbo Fredriksson turbo at bayour.com
Thu Sep 26 01:26:54 EDT 2002


Quoting "Paul B. Hill" <pbh at MIT.EDU>:

> For which version of Windows?

Preferably all of them. But at the moment I'm working on 2k and XP. 

But I also have a 98 that I would like to connect to this...

> Please read their whitepapers for the information.

I skimmed through them (if you're refering to the 'W2k Kerberos Auth'
and 'W2k Kerberos Interoperability'), but one of them didn't give much
'hands-on' on how to get it to work and the other only dealt with
the other way around (ie, non-win to win).

Quoting Luke Howard <lukeh at PADL.COM>:

> If you are using Windows 2000, you can use ksetup to configure
> authentication against a non-Windows KDC, with the proviso that 
> users must have existing local or Active Directory accounts.

I guess this is also valid for XP etc... ?

Any GOOD HOWTO's on this? The M$ ones didn't "do it for me" so to speak :)

> In any case, a GINA is not the correct place to hook in support for
> additional authentication providers; it only deals with interactive,
> not network, authentication. Existing GINAs that create temporary
> local accounts for users at logon are a kludge at best.

I see. I had a look at the NISGINA a year or so back (never got it
working though) and I 'expected' that there would be a 'KRBGINA'
for this to work...



More information about the Kerberos mailing list