MS Exchange Kerberos Login to MIT KDC

Lara Adianto m1r4cle_26 at yahoo.com
Sun Jul 25 03:31:15 EDT 2004


Hi,
 
With reference to the following posting:
http://www.mail-archive.com/kerberos@mit.edu/msg06133.html
Is there any follow-up information on whether it is possible for users who do not belong to a Windows domain (such as those who belong to a workgroup) to log on to an Exchange server using OWA with their accounts in an MIT KDC?
 
Thanks,
lara


------------------------------------------------------------------------------------ 
Life, you see, is never as good or as bad as one thinks
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------
		
From: "Eliot Lebsack" <elebsack at mitre.org>
To: <kerberos at mit.edu>
Date: Mon, 26 Jul 2004 09:55:02 -0400
Subject: Solaris pam-krb5 client and MIT krb5 KDC on Linux

Good morning.

I've set up a KDC on a RHEL 3 box with NIS as the 
name service. All of my Linux boxes have no problem
authenticating against this configuration. 

When I attempted to migrate my Solaris 8 (2/02) Ultra 80
to this authentication/name service combination, using
the on-board (non-SEAM) kerberos authentication tools
which are run when reconfiguring a system (running sys-unconfig, 
then rebooting), I entered the fields for Kerberos
as those used by my Linux machines.

I went ahead and synced up my /etc/krb5/krb5.conf file with
that used by the Linux clients. I uncommented the pam.conf
lines for the pam_krb5.so.1 module as directed by the documentation
I could find on the web. I've even generated a keytab for the
host principal, and moved it into /etc/krb5/krb5.keytab.

I've checked my DNS setup as well as NTP. Everything looks good.

When I attempt to log onto the Solaris 8 machine as a regular
user, forcing the machine to refer to NIS/Kerberos for more information,
the pam_krb5 authentication module refuses to allow access.

When I "su -" to the user from root, and do a kinit as the user,
it successfully gets the Kerberos ticket.

It appears that pam_krb5 is not entering the authentication
process correctly, or that it is not negotiating with the KDC
correctly. 

Has anyone else tried a similar configuration? I'm trying to
do something real basic here; no kerberized NFS or anything like that.

I also tried installing SEAM for Solaris 8, and still had the
same problem.

Regards,

Eliot

======================================================
Eliot Lebsack                         (781) 271-5830
Lead Communications Engineer      
The MITRE Corporation                    Bedford, MA



