joining domain or workstation ?
Franklin M. Siler
fsiler at NOSPAMuiuc.edu
Wed Aug 4 19:29:34 EDT 2004
Lara Adianto wrote:
> Hi,
>
> When using an MIT KDC for authenticating win2k/winxp machine, should the machine be configured as a member of a domain or workgroup ?
>
that depends. If you're talking about a full AD-style login, I believe
you must be joined to AD, and then the Kerberos realm you're trying to
use must have a trust relationship with your AD realm (in my case,
AD.UIUC.EDU trusts UIUC.EDU). There are tools included with 2k and xp
to set this up.
Normal users can authenticate against arbitrary realms for
applications such as kerberized telnet or AFS...so I'm not sure exactly
what you're asking.
> I've tried both and for both cases the user is able to login to the machine...
> So what's the difference ?
>
well, with more information perhaps someone more knowledgable than I can
answer :).
--
Franklin M. Siler UIUC: Undergraduate in Electrical Engineering
Marching Illini Trumpets, Basketball Band Staff, ACM SigMation
http://umgawa.bands.uiuc.edu/~fsiler/
More information about the Kerberos
mailing list