Unix KDC/Windows2003 crossrealm trust useless for Exchange2003
jaltman2 at nyc.rr.com
Thu Jun 10 15:45:34 EDT 2004
I am not aware of anyone who has been able to get this to work.
I have not spent time analyzing the situation but the fundamental
cause of the problem appears to be a failure either to obtain PAC
information in the cross-realm service ticket which Exchange requires;
or a failure of the user principal name to belong to a realm in
which Exchange can then look up additional information within the
Whichever the cause, it does appear that Exchange was designed
to be a Microsoft-only solution.
Subu Ayyagari wrote:
> Is there anyone who has managed to use Exchange2003
> when Windows 2003 domain has a trust with unix Kerberos,
> so that unix KDC provides authentication to all users?
> From systems that are not part of the windows domain,
> POP and IMAP connectivity to Exchange2003 just do not work.
> OWA works using UPN (user at unixKDCrealm) though.
> Appears the only way would be to have an out-of-band process
> to sync up passwords between unix KDC and Windows ADS
> and throw out the cross-realm trust.
> Any suggestions/comments?
> email: s.ayyagari at xpedite.com
> Kerberos mailing list Kerberos at mit.edu
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu