Win logon to a MIT Kerberos V KDC?
Turbo Fredriksson
turbo at bayour.com
Mon Sep 30 02:25:33 EDT 2002
Quoting Luke Howard <lukeh at PADL.COM>:
> > Luke> Adding support to a KDC for the PAC is not that difficult if
> > Luke> you have a sensible architecture (for example, an integrated
> > Luke> directory backend for the KDC). The difficulty lies in some
> > Luke> of the other, unpublished, protocols which are necessary to
> > Luke> domain logon.
> >
> >Isn't M$ publishing all the addition/changes to the LDAP/Kerberos
> >protocol?
>
> You will need to execute a non-disclosure agreement before they will
> disclose the licensing terms.
Which means you/we can't use them to something OpenSource if I'm not
mistaken(?).
> >And 'integrated directory backend'. Couldn't that be a OpenLDAP2
> >server tied with Kerberos (the way openldap2+heimdal combo does it)?
>
> What, the one we wrote? :-)
Yeah. Now, how about doing that for MIT Kerberos as well? :)
> More information on our implementation is at:
>
> http://www.padl.com/Research/XAD.html
Looks like it's almost complete!? Any informations on how to replace
(completely?) a 'M$ Active Directory server' with 'something OpenSource'?
More information about the Kerberos
mailing list