Replication of password base AD -> MIT

Jeffrey Altman jaltman2 at
Thu Sep 9 09:54:16 EDT 2004

Tobias Schenk wrote:

> Hi,
> I have the following problem:
> I want to set up a win2003 domain controller using Kerberos.
> Also I have a linux machine which should offer many network services
> (SMTP, POP,...). These should also use Kerberos to make it convenient
> for the users. 
> The drawback is that if the win box crashes, the linux services also
> become unavailable.

Then set up multiple Domain Controllers for the same domain so there
is automatic replication and multiple sources for access to the
authentication service.

> I thought it would be best to run a KDC on linux also and have the
> password base synced. I know it contradicts somehow the idea of the
> Kerberos topology. Anyway I have read that Kerberos can push its
> password base to slave-KDCs but I have not found info on how to make
> windows push this. I fear by their 'special' implementation and AD
> they don't find it necessary.

You can use an MIT KDC but not as a slave to a Microsoft Active 
Directory.  You don't mix and match KDCs from different vendors.

This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
