Replication of password base AD -> MIT
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Sep 9 09:54:16 EDT 2004
Tobias Schenk wrote:
> Hi,
>
> I have the following problem:
> I want to setup a win2003 domain controller using Kerberos.
> Also I have a linux machine which should offer many network services
> (SMTP, POP,...). These should also use Kerberos to make it convenient
> for the users.
> The drawback is that if the win box crashes, also the linux service
> become unavailable.
Then setup multiple Domain Controllers for the same domain so there
is automatic replication and multiple sources for access to the
authentication service.
> I thought it would be best to run a KDC on linux also and have the
> password base synced. I know it contradicts somehow the idea of the
> Kerberos topology.Anyway I have read that Kerberos can push its
> password base to slave-KDCs but I have not found info on how to make
> windows push this. I fear by their 'special' implementation and AD
> they dont find it necessary.
You can use an MIT KDC but not as a slave to a Microsoft Active
Directory. You don't mix and match KDCs from different vendors.
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list