service principal management with Active Directory KDC

Rohit Kumar Mehta rohitm at engr.uconn.edu
Tue Apr 3 10:17:41 EDT 2007


Hi, we want to use our Active Directory KDC to manage service principals
for nfs and ssh for quite a few Linux and Solaris machines, and would 
prefer to automate generating the service principals and installing them 
on the clients. I was thinking that one way to approach this problem 
could be by installing the Cygwin SSH daemon on the Active Directory server.
Are there any downsides to this?

The other way, I think, is to set up a cross-realm trust with an MIT KDC
and have one MIT Kerberos realm for service principals, and use the
Active Directory for authenticating our user accounts. I haven't tried
doing this yet, but imagine it's not too hard.

If anyone has any thoughts or ideas about this, I'd be happy to hear 
them.  Thanks!

Rohit
