Windows 2000 Server as KDC

Mel Riser mel.riser at fxfn.com
Wed Jul 16 14:22:09 EDT 2003


yes there are some tools in the windows 2000 resource kit.

but they are limited. You CAN compile some of the linux tools with MS visual studio, but you have to hack the source and it is difficult.

our experience is to let the windows KDC/Active Directory handle windows clients, and have a separate Linux KDC for Unix authentication, and setup cross realm trusts.

mel

-----Original Message-----
From: Karl Pitrich [mailto:karl.pitrich at fabasoft.com]
Sent: Wednesday, July 16, 2003 12:45 PM
To: kerberos at mit.edu
Subject: Re: Windows 2000 Server as KDC


On Wed, 2003-07-16 at 01:18, Wayne Rasmussen wrote:
> A few questions:
> 
> 1)  Does Windows 2000 server have a kerberos administrator server
> installed?  Doesn't appear to have one as posts 749/750 are not open.
> Is there supposed to be one and at what port.

in [realms]
set both kdc and admin_server to the hostname or ip
of your Windows Domain Controller and 
supply the full domain as realm.

> 2)  Is there a way on the Windows 2000 Server to test the TGT and TST
> say via command  prompt in cmd.exe?

in some resource kit, i forgot which, M$ provides kerberos command line
tools. (ktpass etc.)


/ karl





More information about the Kerberos mailing list