Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth
Mel Riser
mel.riser at fxfn.com
Wed Jun 11 16:15:44 EDT 2003
it is possible... we have several cross realm domains setup... this allows cross realm communications and users from one domain get tickets in another. once it's setup, it's fairly seamless
The Microsoft paper was invaluable... but you MUST follow it step by step.
AND if your NETBIOS REALM and your K5 REALM are the same, one of them has to change.
anyone wanting more direct questions or consulting can email me of list
mel.riser at fxfn.com
-----Original Message-----
From: Matthew Smith
To: kerberos at mit.edu
Sent: 6/11/2003 2:43 PM
Subject: Re: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth
You can set up a trust from your AD Domain(s) to your Kerberos realm,
and them use the userprincipal field of AD to map a AD user account to a
kerb princ. This allows you, effectively, to use your login info from
your krb5 realm, but get a SID and other AD info (group membership,
personal info, etc) from AD.
There is a whitepaper up on MS's site.
-Matt
MattW wrote:
> Esteemed Others,
>
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
>
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
>
> thanks,
>
> Matt
>
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list