Win logon to a MIT Kerberos V KDC?

Turbo Fredriksson turbo at bayour.com
Mon Sep 30 02:25:33 EDT 2002


Quoting Luke Howard <lukeh at PADL.COM>:

> >    Luke> Adding support to a KDC for the PAC is not that difficult if
> >    Luke> you have a sensible architecture (for example, an integrated
> >    Luke> directory backend for the KDC). The difficulty lies in some
> >    Luke> of the other, unpublished, protocols which are necessary to
> >    Luke> domain logon.
> >
> >Isn't M$ publishing all the addition/changes to the LDAP/Kerberos
> >protocol?
> 
> You will need to execute a non-disclosure agreement before they will
> disclose the licensing terms.

Which means you/we can't use them to something OpenSource if I'm not
mistaken(?).

> >And 'integrated directory backend'. Couldn't that be a OpenLDAP2
> >server tied with Kerberos (the way openldap2+heimdal combo does it)?
> 
> What, the one we wrote? :-)

Yeah. Now, how about doing that for MIT Kerberos as well? :)

> More information on our implementation is at:
> 
> 	http://www.padl.com/Research/XAD.html

Looks like it's almost complete!? Any informations on how to replace
(completely?) a 'M$ Active Directory server' with 'something OpenSource'?



More information about the Kerberos mailing list