Kerberos for Windows NT 4.0
Christopher D. Clausen
cclausen at acm.org
Wed May 2 22:30:53 EDT 2007
Warren Coykendall <warren at palecek.com> wrote:
> Hello, I was wondering we have a NT 4.0 domain which we cannot
> migrate to Windows 2003. Is there a way to have the NT 4.0 domain
> work with Kerberos so we can get single sign-on w/out the pain of
> upgrading to active directory?
I do not think there is any Kerberos in NT 4.0. You might be able to
make something work with Samba though. Are you actually running NT 4
machines? On Windows 2000 and above you can setup the clients to talk
Kerberos directly to an external KDC:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx#EVCAC
That will get you signle-sign-on, but you'll miss a lot of the other AD
benefits. I am of the opinion that Windows 2003 Active Directory is
vastly superior to NT 4 domains. I would strongly suggest using it,
even if it is a lot of work to migrate / recreate your environment.
<<CDC
More information about the Kerberos
mailing list