Replication of password base AD -> MIT
john at iastate.edu
Fri Sep 10 18:57:34 EDT 2004
> We're working on a patch for MIT Kerberos that will trap password change
> events and send them to Microsoft AD and a password filter on the AD side
> that will send password change events to the MIT KDC. This will effectively
> keep passwords in sync. Send me an email in a month if you are interested.
We've been doing this for about 5 years. Works fine.
We're using it to sync our Kerberos Master to WinAD,
to Novell, and to our Kerberos Slave, and from WinAD
The list archives should have details I've posted previously.
> > -----Original Message-----
> > From: kerberos-bounces at MIT.EDU
> > [mailto:kerberos-bounces at MIT.EDU] On Behalf Of Tobias Schenk
> > Sent: Wednesday, September 08, 2004 5:11 PM
> > To: kerberos at MIT.EDU
> > Subject: Replication of password base AD -> MIT
> > Hi,
> > I have the following problem:
> > I want to setup a win2003 domain controller using Kerberos.
> > Also I have a linux machine which should offer many network
> > services (SMTP, POP,...). These should also use Kerberos to
> > make it convenient for the users.
> > The drawback is that if the win box crashes, also the linux
> > service become unavailable.
> > I thought it would be best to run a KDC on linux also and
> > have the password base synced. I know it contradicts somehow
> > the idea of the Kerberos topology.Anyway I have read that
> > Kerberos can push its password base to slave-KDCs but I have
> > not found info on how to make windows push this. I fear by
> > their 'special' implementation and AD they dont find it necessary.
> > Is there something like a pull or replicate mechanism?
> > Or is it just a stupid idea (as you see i am no krb professional) ?
> > Thanks,
> > Tobias
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos