service principals in AD fro unix kerberos clients

Jeffrey Altman jaltman2 at nyc.rr.com
Mon Jan 26 10:33:04 EST 2004


Ryan Odgers wrote:
> I have AD users corresponding to the services eg. telnet and ftp and have
> used ktpass to generate the following principals.
> telnet/xxx.test.com at TEST.COM
> ftp/xxx.test.com at TEST.COM
> 
> I just get lost in how to get a ticket from windows to use that service. if
> i am on the unix machine and do a kinit with the service as above, I can
> authenticate and if I do a klist the ticket is listed. How do I make a
> kerberos aware client on windows to authenticate using these credentials?

The client will require access to the TGT for the end user principal.
Then you need a Kerberos aware Telnet and FTP client application. 
(Kermit 95 will perform both as well as providing Kerberos ticket 
management script functions.)

At that point all you should need to do is connect to the service on the
Unix host from the Telnet/FTP client.  The client software should do the
rest.

Jeffrey Altman


More information about the Kerberos mailing list