Password synching
Digant Kasundra
digant at uta.edu
Fri Mar 12 10:40:51 EST 2004
> >Is anyone aware of any product that can sync passwords
> between an MIT
> >Kerberos KDC and MS Active Directory?
>
> Alf Wachsmann at SLAC is doing this with Heimdal.
>
> Personally I'd rather only have the passwords (keys actually) stored
> in one of the two, and I'd rather it wasn't the commercial product.
> Institutional requirements differ though.
> --
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>
I agree completely. We want to move away from AD and over to Kerb. But the
password syncing was a compromise between us (the Unix guys) and Windows
guys. We plan to do it on a non-permanent basis as a way of (a) migrating
passwords from Windows to Kerb by trapping password change events over the
next 3 or 4 months and (b) continuing to allow non-Kerb (NTLM only) apps to
still login with the same "one username/one password."
If either of you can help me out, I'd be greatful.
-- DK
More information about the Kerberos
mailing list