Windows 2K-based domain, UNIX-based Kerb/LDAP passthru

Scott Ehrlich se at panix.com
Fri Jul 18 11:29:24 EDT 2003


I am preparing to implement either a Windows 2000 or Windows 2003 Server
domain with AD for 1000+ people, and we plan to have separate UNIX-based
Kerberos and LDAP servers.  This is for an MIT independent lab with a very
heterogeneous environment, so PAM (pluggable authentication modules) for
the UNIX clients will not be friendly options.  I'm part of the system
team.

The goal will be to set up the Win Server with AD, have Windows clients
join as workstations.  Then, with accounts and security being shared
between the LDAP and Kerberos servers, allow users to log into any
workstation of choice (or multiple workstations), do whatever they want -
(change passwords, work on research, etc), and have all authentication
to/from the Windows clients simply pass through the domain controller, so
we don't have to deal with two Kerberos and LDAP environments (one being
the independent servers, the other being the domain controller).

The ultimate goal will be the ability of users to log into UNIX and
Windows workstations alike with the same credentials, and all
authentication pointing singly at the LDAP and Kerberos servers only.

Thanks for ANY leads.  I've got some URLs, but I want as much info as
possible, for I'm the key implementor of this for the Microsoft-side :-|

Scott

