information about kerberos network authentication protocol

prashant navale navale_prashant2001 at
Wed Aug 27 05:56:31 EDT 2003

hello sir,
   this is prashant. i want the information about kerberos network authentication protocol for the seminar. so plz try to help me out of this as early as possible.
thanking you.

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design softwareeFrom jhutz at Wed Aug 27 21:35:06 2003
	by (8.12.8p1/8.12.8) with ESMTP id h7S1Z6k0001484
	for <kerberos at>; Wed, 27 Aug 2003 21:35:06 -0400 (EDT)
Received: from (MINBAR.FAC.CS.CMU.EDU [])
	for <kerberos at MIT.EDU>; Wed, 27 Aug 2003 21:35:05 -0400 (EDT)
Received: from ([])
          by id aa30066; 27 Aug 2003 21:34 EDT
Date: Wed, 27 Aug 2003 21:34:48 -0400
From: Jeffrey Hutzelman <jhutz at>
To: Marcus Blomenkamp <mblomenk at>, kerberos at MIT.EDU
Message-ID: <2617350000.1062034488 at>
In-Reply-To: <3f4cca4c$0$2333$9b4e6d93 at>
References: <3f4cca4c$0$2333$9b4e6d93 at>
X-Mailer: Mulberry/3.0.3 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Mailman-Approved-At: Thu, 28 Aug 2003 00:14:28 -0400
Subject: Re: howto obtain TGT on login to windows machine without AD
X-BeenThere: kerberos at
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <>
List-Help: <mailto:kerberos-request at>
List-Post: <mailto:kerberos at>
List-Subscribe: <>,
	<mailto:kerberos-request at>
List-Archive: <>
List-Unsubscribe: <>,
	<mailto:kerberos-request at>
X-List-Received-Date: Thu, 28 Aug 2003 01:35:06 -0000

On Wednesday, August 27, 2003 17:12:11 +0200 Marcus Blomenkamp 
<mblomenk at> wrote:

> We are using an NT4 domain setup for some time now. We would like to have
> access to a kerberos authenticated filesystem (AFS) without prompting the
> user for an additional password. In our setup we have synchronized
> passwords between PDC and Kerberos. Thus the required TGT obtaining
> procedure can reuse the initially entered password.
> Which software (AFSLogonShell, MIT package ...) will make this possible?
> Using an Active-Directory Controller is not an option for now. Do we have
> to code something GINA/LSA related for ourselves? Has anybody tried
> something similar? Appreciating any input...
> PS: W2K and WXP client machines

You might do better to ask your question on the openafs-info at or 
info-afs at mailing lists, where there are likely people who 
understand what AFS supports on which Windows versions.

I know that at one time, the Windows version of the AFS client software 
included an option to automatically try getting AFS tokens using the same 
password that was used to log in to the machine.  This of course requires 
setting Windows and Kerberos passwords the same, but it doesn't sound like 
that's a problem for you.  It also requires that your Windows client 
machines be configured to believe that your KDC's are AFS database servers.

I haven't looked in a while, so I don't know if the feature is still there 
with W2K and WXP versions of the AFS client.  You might ask on openafs-info.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

More information about the Kerberos mailing list