mit2ms binary

Christopher Odenbach odenbach at uni-paderborn.de
Wed Mar 16 02:47:03 EST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

>     Christopher> we use the Leash Ticket Manager 2.6.5. Some of our
>     Christopher> workstations are not integrated in our AD domain, so
>     Christopher> they cannot obtain windows kerberos credentials. But
>     Christopher> people could use tickets to access some of our
>     Christopher> kerberized services (which use the ms creds instead
>     Christopher> of the mit tickets).
>
> Windows does not currently support this functionality.

Oh yes, it does. Internet Explorer 6 can use http negotiate to access 
kerberized web pages (just add them to the trusted zone), and putty can use 
ticket forwarding to kerberized ssh servers.

The trouble is, IE uses the MS credential cache, which up to now can only be 
filled by an interactive logon. So users can only get the "right" credentials 
if the machine is a domain member. I would like to make people able to get 
their credentials in another way, preferred with the leash manager as they 
already use it to access AFS.

>     Christopher> The tool 'mit2ms" seems to fit exactly in this hole,
>     Christopher> but there is no binary distribution available yet. As
>     Christopher> I don't really want to build up a complete building
>     Christopher> and compiling environment, I wonder if someone had a
>     Christopher> binary version available, just to check if it works.
>
> This tool is a proof of concept implementation so we could make sure
> our side of the functionality existed in case Microsoft ever decides
> to add this functionality.

It is already there.

Christopher

- -- 
======================================================
    Dipl.-Ing. Christopher Odenbach
    Zentrum fuer Informations- und Medientechnologien
    Universitaet Paderborn
    Raum N5.110
    odenbach at uni-paderborn.de
    Tel.: +49 5251 60 5315
======================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCN+SEhxiCJKeLY0IRAiqvAKCvfyz1lQarxjiEgD1HeMESO4SDHwCgo+2F
Nmd7/+CzKs7/3SSRyQWASFw=
=7/1b
-----END PGP SIGNATURE-----

More information about the Kerberos mailing list