Win Kerb Server
Christopher D. Clausen
cclausen at acm.org
Tue Mar 6 09:57:17 EST 2007
Gayal <gayal.rupasinghe at gmail.com> wrote:
> On 2/8/07, Christopher D. Clausen <cclausen at acm.org> wrote:
>> Gayal <gayal.rupasinghe at gmail.com> wrote:
>>> Hi,
>>> I want to implement SSO with Win2003 Server for Linux Clients.
>>> But I dont have access to Win2003 Server. ex:creating keytab files
>>> are not possible.
>>> So i installed MIT Kerberos KDC server to a Debian Etch and try to
>>> implement SSO for Linux Client.
>>>
>>> I assume above proceedures can be done on Win2003 too becasue it
>>> has a Kerberos Server.
>>> Am i correct?
>>
>> Yes, using Microsoft's Active Directory.
>>
> Is this possible without having Access to the Win2003 DC?
Depends upon what you mean by "access." You may need to have a domain
administrator create the principals for you or otherwise extract the
keytabs. You do not need logon access or even "domain administrator"
access. You only need to be able to create new user / computer accounts
and then run a few commands to extract the keytabs. This permission can
be delegated to you by a domain admin.
You might want to consider having the domain admin setup a Kerberos
cross-realm trust to your MIT Kerberos realm. That might be easier than
having keytabs for all machines in Active Directory.
<<CDC
More information about the Kerberos
mailing list