information about kerberos network authentication protocol
navale_prashant2001 at yahoo.com
Wed Aug 27 05:56:31 EDT 2003
this is prashant. i want the information about kerberos network authentication protocol for the seminar. so plz try to help me out of this as early as possible.
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design softwareeFrom jhutz at cmu.edu Wed Aug 27 21:35:06 2003
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
by pch.mit.edu (8.12.8p1/8.12.8) with ESMTP id h7S1Z6k0001484
for <kerberos at PCH.mit.edu>; Wed, 27 Aug 2003 21:35:06 -0400 (EDT)
Received: from minbar.fac.cs.cmu.edu (MINBAR.FAC.CS.CMU.EDU [18.104.22.168])
for <kerberos at MIT.EDU>; Wed, 27 Aug 2003 21:35:05 -0400 (EDT)
Received: from minbar.fac.cs.cmu.edu ([22.214.171.124])
by minbar.fac.cs.cmu.edu id aa30066; 27 Aug 2003 21:34 EDT
Date: Wed, 27 Aug 2003 21:34:48 -0400
From: Jeffrey Hutzelman <jhutz at cmu.edu>
To: Marcus Blomenkamp <mblomenk at gmx.de>, kerberos at MIT.EDU
Message-ID: <2617350000.1062034488 at minbar.fac.cs.cmu.edu>
In-Reply-To: <3f4cca4c$0$2333$9b4e6d93 at newsread2.arcor-online.net>
References: <3f4cca4c$0$2333$9b4e6d93 at newsread2.arcor-online.net>
X-Mailer: Mulberry/3.0.3 (Linux/x86)
Content-Type: text/plain; charset=us-ascii; format=flowed
X-Mailman-Approved-At: Thu, 28 Aug 2003 00:14:28 -0400
Subject: Re: howto obtain TGT on login to windows machine without AD
X-BeenThere: kerberos at mit.edu
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
<mailto:kerberos-request at mit.edu?subject=subscribe>
<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Thu, 28 Aug 2003 01:35:06 -0000
On Wednesday, August 27, 2003 17:12:11 +0200 Marcus Blomenkamp
<mblomenk at gmx.de> wrote:
> We are using an NT4 domain setup for some time now. We would like to have
> access to a kerberos authenticated filesystem (AFS) without prompting the
> user for an additional password. In our setup we have synchronized
> passwords between PDC and Kerberos. Thus the required TGT obtaining
> procedure can reuse the initially entered password.
> Which software (AFSLogonShell, MIT package ...) will make this possible?
> Using an Active-Directory Controller is not an option for now. Do we have
> to code something GINA/LSA related for ourselves? Has anybody tried
> something similar? Appreciating any input...
> PS: W2K and WXP client machines
You might do better to ask your question on the openafs-info at openafs.org or
info-afs at grand.central.org mailing lists, where there are likely people who
understand what AFS supports on which Windows versions.
I know that at one time, the Windows version of the AFS client software
included an option to automatically try getting AFS tokens using the same
password that was used to log in to the machine. This of course requires
setting Windows and Kerberos passwords the same, but it doesn't sound like
that's a problem for you. It also requires that your Windows client
machines be configured to believe that your KDC's are AFS database servers.
I haven't looked in a while, so I don't know if the feature is still there
with W2K and WXP versions of the AFS client. You might ask on openafs-info.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos