javiplx at gmail.com
Thu Aug 7 03:20:56 EDT 2008
> A while back I wrote a utility for building keytab files when using
> Active Directory as the KDC; it uses the RFC3244 protocol to set the
> "password" of the given principal, so it should work with Heimdal.
It's nice to see a source code sample for this. Up to now I did use
the binary-only adkadmin from Certified Security Solutions.
Have anybody tried with the 'Active Directory' mode of heimdal's kadmin ?
By the way, my tests with W3K R2 Enterprise did show that neither SFU
nor the Identity management for Unix (which I didn't know) are
strictly required. The unix schema is actually there, and if you are
ready for some debugging loops you can do everything with ldapmodify
from the unix (fedora/ubuntu) box. And as far as I remember, you don't
need to fix a NIS domain attribute.
More information about the Kerberos