Windows with MIT krb5 and OpenLDAP
Sensei
noone at nowhere.org
Sat Apr 10 05:13:12 EDT 2004
Brian Davidson wrote:
> As Jeffrey said,
> MIT + standalone windows works if you map Kerb principal to user on the
> Windows box.
This means adding users on the Windows clients... just the thing I want
to avoid :)
> MIT + AD also works, if you set up cross-realm auth (AD trusts MIT, MIT
> doesn't trust AD works)
This is another thing: creating an AD server, and for all newly created
principal/AFS users I will have to create a user on the AD server... A
middle-way solution...
> This last issue isn't doable at this point, because of the PAC issue.
> OpenLDAP isn't sufficient to replace AD. [...]
>
> I suggest that you also check with the Samba group, as I think they've
> been working on solving this problem.
Ok, I'll try some Samba groups...
> I'm pretty sure you'll have to
> run Kerberos and LDAP on the same box (whenever someone gets it
> working), and quite possibly Samba too.
AFS, Kerberos and LDAP are currently on the same server... and I'll keep
it so...