Login to XP workstation in WIndows Server 2003 2k3 AD domain with MIT kerberos KDC

Terry Jones terry.jones at utoronto.ca
Fri Jan 14 15:52:46 EST 2005


I am new to Kerberos and I probably have the terminiology wrong so I
apologize right off.

We are trying to build an environment where students are allowed to
log into a Windows XP desktop workstation that is part of a Windows
Server 2003 (we could use win2k3 or win2000 if need be...) Active
Directory domain, but we would like them to authenticate to an MIT
Kerberos KDC through a trust arrangement. We don't want the MIT
Kerberos KDC to have to know and trust each individual workstation, we
want it to only know about the Windows Server 2003 domain controller.
In other words I don't want to point 100 XP workstations at the KDC
for authentication, I want them to just sign into the AD domain but
get authenticated by the fact that they have a valid account in the
MIT kerberos KDC.

Is this even possible?

TIA

tj


More information about the Kerberos mailing list