service principal management with Active Directory KDC
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Tue Apr 3 10:17:41 EDT 2007
Hi we want to use our Active Directory KDC to manage service principals
for nfs and ssh for quite a few Linux and Solaris machines, and would
prefer to automate generating the service principals and installing them
on the clients. I was thinking that one way to approach this problem
could be by installing Cygwin SSH daemon on the Active Directory server.
Are there any downsides to this?
The other way I think is to set up a cross-realm trust with an MIT KDC
and have one MIT kerberos realm for service principals, and use the
Active Directory for authenticating our user accounts. I haven't tried
doing this yet, but imagine it's not too hard.
If anyone has any thoughts or ideas about this, I'd be happy to hear
them. Thanks!
Rohit
More information about the Kerberos
mailing list