Password synching

Digant Kasundra digant at uta.edu
Fri Mar 12 10:40:51 EST 2004


> >Is anyone aware of any product that can sync passwords 
> between an MIT 
> >Kerberos KDC and MS Active Directory?
> 
> Alf Wachsmann at SLAC is doing this with Heimdal.
> 
> Personally I'd rather only have the passwords (keys actually) stored 
> in one of the two, and I'd rather it wasn't the commercial product. 
> Institutional requirements differ though.
> -- 
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government. 
> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
> 

I agree completely.  We want to move away from AD and over to Kerb.  But the
password syncing was a compromise between us (the Unix guys) and Windows
guys.  We plan to do it on a non-permanent basis as a way of (a) migrating
passwords from Windows to Kerb by trapping password change events over the
next 3 or 4 months and (b) continuing to allow non-Kerb (NTLM only) apps to
still login with the same "one username/one password."

If either of you can help me out, I'd be greatful.

-- DK


More information about the Kerberos mailing list