step by step guide for Windows 2003 Server and MIT Kerberos trust?
Rodney M Dyer
rmdyer at uncc.edu
Thu Jun 10 11:28:21 EDT 2004
At 09:41 AM 6/10/2004, Jeffrey Altman wrote:
>This is another reason why I like the cross-realm solution for managing
>non-Windows services. Let Active Directory manage the Windows based
>services and an MIT KDC manage the non-Windows services. Use
>cross-realm between the two to obtain the service tickets for the
>non-Windows services.
Right, and I'm finding this solution sucks because Microsoft needs the PAC
for authorizing anything. The way things are going it looks like using a
Microsoft AD for a KDC is the "better" solution if you ever need to use
Microsoft services from a client that doesn't know about the trust. In our
case this is the fate we have run into when trying to truely kerberize
Exchange, you can't. I think the whole Kerberos interoperability marketing
by Microsoft is just a ghost, a facad. In fact, unless you use AD as the
KDC in your organization, you are looking at more hurt than help.
Rodney
More information about the Kerberos
mailing list