Replication of password base AD -> MIT

Digant Kasundra digant at
Fri Sep 10 18:29:41 EDT 2004

We're working on a patch for MIT Kerberos that will trap password change
events and send them to Microsoft AD and a password filter on the AD side
that will send password change events to the MIT KDC.  This will effectively
keep passwords in sync.  Send me an email in a month if you are interested.

> -----Original Message-----
> From: kerberos-bounces at MIT.EDU 
> [mailto:kerberos-bounces at MIT.EDU] On Behalf Of Tobias Schenk
> Sent: Wednesday, September 08, 2004 5:11 PM
> To: kerberos at MIT.EDU
> Subject: Replication of password base AD -> MIT
> Hi,
> I have the following problem:
> I want to setup a win2003 domain controller using Kerberos. 
> Also I have a linux machine which should offer many network 
> services (SMTP, POP,...). These should also use Kerberos to 
> make it convenient for the users. 
> The drawback is that if the win box crashes, also the linux 
> service become unavailable. 
> I thought it would be best to run a KDC on linux also and 
> have the password base synced. I know it contradicts somehow 
> the idea of the Kerberos topology.Anyway I have read that 
> Kerberos can push its password base to slave-KDCs but I have 
> not found info on how to make windows push this. I fear by 
> their 'special' implementation and AD they dont find it necessary. 
> Is there something like a pull or replicate mechanism?
> Or is it just a stupid idea (as you see i am no krb professional) ?
> Thanks, 
> Tobias
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list