Win logon to a MIT Kerberos V KDC?
Douglas E. Engert
deengert at anl.gov
Thu Sep 26 14:24:15 EDT 2002
Turbo Fredriksson wrote:
>
> >>>>> "Turbo" == Turbo Fredriksson <turbo at bayour.com> writes:
>
> >>>>> "Eric" == Eric Lee Steadle <esteadle at spinnakernet.com> writes:
> Eric> Tell us more about your Windows client. Version, Service
> Eric> Pack, etc. Does it participate in a domain? Have any
> Eric> registry settings been adjusted? etc.
>
> Turbo> Windows 2000 5.00.2195, Service Pack 3.
>
> Sorry. Only read the first part :)
>
> No domain, only a workgroup (originaly WORKGROUP, but that ended
> up being MYREALM.TLD after running 'ksetup.exe'). I've changed
> some registry settings. Kerberos logging, w32time entries etc.
> Not anything else that I can remember...
I am runing something similiar, with the W2K laptop not being part
of the domain but the workgroup KRB5.ANL.GOV. I can authenticate
using either a principal in the KRB5.ANL.GOV realm (MIT KDC) or
the W2K domain of ANL.GOV The do cross realm, and the machine is
registered in the KRB5.ANL.GOV realm.
Check that under the System Properities->Network Identification->Proprities->More
the "Change primary DNS suffix when domain membership changes" is not checked.
On that previous screen the Full computer name is the hostname,
and the Workgroup name is the realm. So the principal of the host is
host/<Full computer name>@<Workgroup>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list