Win Kerb Server

Christopher D. Clausen cclausen at acm.org
Tue Mar 6 09:57:17 EST 2007


Gayal <gayal.rupasinghe at gmail.com> wrote:
> On 2/8/07, Christopher D. Clausen <cclausen at acm.org> wrote:
>> Gayal <gayal.rupasinghe at gmail.com> wrote:
>>> Hi,
>>> I want to implement SSO with Win2003 Server for Linux Clients.
>>> But I dont have access to Win2003 Server. ex:creating keytab files
>>> are not possible.
>>> So i installed MIT Kerberos KDC server to a Debian Etch and try to
>>> implement SSO for Linux Client.
>>>
>>> I assume above proceedures can be done on Win2003 too becasue it
>>> has a Kerberos Server.
>>> Am i correct?
>>
>> Yes, using Microsoft's Active Directory.
>>
> Is this possible without having Access to the Win2003 DC?

Depends upon what you mean by "access."  You may need to have a domain 
administrator create the principals for you or otherwise extract the 
keytabs.  You do not need logon access or even "domain administrator" 
access.  You only need to be able to create new user / computer accounts 
and then run a few commands to extract the keytabs.  This permission can 
be delegated to you by a domain admin.

You might want to consider having the domain admin setup a Kerberos 
cross-realm trust to your MIT Kerberos realm.  That might be easier than 
having keytabs for all machines in Active Directory.

<<CDC 





More information about the Kerberos mailing list