service principals in AD for unix kerberos clients

Ryan Odgers odgersr at out.co.za
Thu Jan 22 09:57:23 EST 2004


(I apologize if this has already been posted, I am new to this list)

Hi,

What is the trick to getting services to work via kerberos?

I have been playing around with trying to use kerberos as an SSO for our
environment, but am a bit confused.

To date:
I have installed and configured MS SFU 3.5 (services for Unix) on our AD,
extended the schema.
I have an HP-UX 11.11 machine in which I have set up the LDAP client to talk
to the AD via kerberos. I can successfully search the AD and can login with
windows credentials via a keytab created for the host.

The telnet service in HP-UX is kerberos aware, but after creating a service
instance and keytab file for the telnet service in AD, and importing into
the unix keytab file, I cannot telnet into unix via kerberos. I have
followed Microsoft's doc on inter-operability, but cannot get the services
side of kerberos to work.

If the KDC is win2000 and the kerberos client is UNIX or MIT, does
cross-realm authentication still need to be set up?
It is the same kerberos realm, the unix machine points to the 2000 KDC as
its server.

Any help is VERY appreciated
Ryan



