Replication of password base AD -> MIT
digant at uta.edu
Fri Sep 10 18:29:41 EDT 2004
We're working on a patch for MIT Kerberos that will trap password change
events and send them to Microsoft AD and a password filter on the AD side
that will send password change events to the MIT KDC. This will effectively
keep passwords in sync. Send me an email in a month if you are interested.
> -----Original Message-----
> From: kerberos-bounces at MIT.EDU
> [mailto:kerberos-bounces at MIT.EDU] On Behalf Of Tobias Schenk
> Sent: Wednesday, September 08, 2004 5:11 PM
> To: kerberos at MIT.EDU
> Subject: Replication of password base AD -> MIT
> I have the following problem:
> I want to setup a win2003 domain controller using Kerberos.
> Also I have a linux machine which should offer many network
> services (SMTP, POP,...). These should also use Kerberos to
> make it convenient for the users.
> The drawback is that if the win box crashes, also the linux
> service become unavailable.
> I thought it would be best to run a KDC on linux also and
> have the password base synced. I know it contradicts somehow
> the idea of the Kerberos topology.Anyway I have read that
> Kerberos can push its password base to slave-KDCs but I have
> not found info on how to make windows push this. I fear by
> their 'special' implementation and AD they dont find it necessary.
> Is there something like a pull or replicate mechanism?
> Or is it just a stupid idea (as you see i am no krb professional) ?
> Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos