Windows 2000 Server as KDC
John Rudd
jrudd at ucsc.edu
Mon Jul 21 20:06:35 EDT 2003
Mel Riser wrote:
>
>
> the Win2k KDC has to be the primary,
That's annoying.
> but Linux boxes or other OS's running kerberos can be backups. Replication is the problem though.
Any pointers on how to make that work?
>
> an easier solution would be to set up a Windows realm for Win2k KDC and a cross realm trust with a Linux box in a different realm.
>
We were doing this (with Solaris, not Linux), but when the bug and fix
for the cross-realm security hole came out a few months ago, that caused
it all to break (we need krb4 cross-realm auth because AFS is in the
picture). So, we're basically running an older un-patched krb524d in
order to keep things working ... but that doesn't make me comfortable in
the long run, so I'm looking for other solutions.