test kerberos environment

Fletch fletch72 at gmail.com
Wed Dec 29 22:50:12 EST 2004


Hi,
I am working with a client to test using MIT's Kerberos for a software
application they are developing.  The application generally doesn't
use kerberos but for this specific customer they are requiring that
the software application will authenticate using kerberos.  I don't
know a ton about the environment they will wind up testing the app in
but for now we want to just see if we can do some basic things.

I have a windows 2000 domain with AD running that we can test in.  
The developer wants to just try using a jdc script ( or something like
that) just to see if we can authenticate.

I want to install your kerberos on a test machine and from what I have
read so far it seems as though this has to be a domain controller?

What we want to do is install your kerberos and then see if we can
authenticate on the domain using the developers script with the
credentials of a test user I setup on the domain.

So I downloaded the kerberos and installed it on a test box but then
got lost.  I don't know exactly where to get the keys from as I don't
know how to setup the realms, etc.  I found some info on MS site but
in general I am wondering if there is a quick way to do this and just
test it out.  It would even be better to maybe not test it out as I
don't have a test domain we would be using this on the live network
and I would prefer to avoid that.

Can I setup a realm and whatnot or possibly use the MIT realm and test
the script out against that and see if it authenticates?  I believe
the env. the product will wind up in is a place where linux, sun, and
windows all run and the users login to a domain using AD.

Can you help or point me in the right spot?  Does the client get
installed on every machine that will try to use this and then are the
users all created in the active D or can you use the kerberos server? 
If I want to keep this off of the domain can I do that and setup sort
of a standalone box for them to test authentication against?  Looking
for an easy way just to test it out for now.


More information about the Kerberos mailing list