AD using an external Kerberos realm

Jay Elvove jay at umd.edu
Mon Feb 18 14:21:22 EST 2008


Last month, a colleague of mine sent a message to the Windows Higher
Ed list asking about possible problems authenticating certain Microsoft
applications to an external KDC.  We're getting ready to roll out our
very first campus-wide Active Directory environment, which will include
Exchange 2007 and Microsoft SharePoint Server (MOSS) 2007.  User accounts
and other data will be populated into AD using Microsoft Identity
Lifecycle Manager 2007.  The plan, which thus far has worked successfully
in test, is to store user passwords in our Heimdal KDC and force all
authentications to occur through the external KDC.

Several key departments have voiced concerns over whether or not web
authentication to applications such as MOSS 2007, Outlook Web Access
(OWA) and Citrix will work using an external KDC.

We received a lot of good information from the Windows Higher Ed list, but
I thought it might be valuable to get feedback from the folks who support
external KDCs as well.  Are there any major gotchas that those of us
who support Kerberos or the Windows community at large should be aware
of?

Thanks,

Jay
 -----
Jay Elvove
Distributed Computing Services
University of Maryland
Office of Information Technology
Computer & Space Sciences Building
Room 1301A
College Park, MD 20742
jay at umd.edu


