AD using an external Kerberos realm

trimkins@sbcglobal.net trimkins at sbcglobal.net
Mon Feb 18 14:58:10 EST 2008


On Feb 18, 1:21 pm, "Jay Elvove" <j... at umd.edu> wrote:
> Last month, a colleague of mine sent a message to the Windows Higher
> Ed list asking about possible problems authenticating certain Microsoft
> applications to an external KDC.  We're getting ready to roll out our
> very first campus-wide Active Directory environment, which will include
> Exchange 2007 and Microsoft SharePoint Server (MOSS) 2007.  User accounts
> and other data will be populated into AD using Microsoft Identify
> Lifecycle Manager 2007.  The plan, which thus far has worked successfully
> in test, is to store user passwords in our Heimdal KDC and force all
> authentications to occur through the external KDC
>
> Several key departments have voiced concerns over whether or not web
> authentication to applications such as MOSS 2007, Outlook Web Access
> (OWA) and Citrix will work using an external KDC.
>
> We received a lot of good information from the Windows Higher Ed list, but
> I thought it might be valuable to get feedback from the folks who support
> external KDCs as well.  Are there any major gotchas that those of us
> who support Kerberos or the Windows community at large should be aware
> of?
>
> Thanks,
>
> Jay
>  -----
> Jay Elvove
> Distributed Computing Services
> University of Maryland
> Office of Information Technology
> Computer & Space Sciences Building
> Room 1301A
> College Park, MD 20742
> j... at umd.edu

The past two posts have nothing to do with the original subject line.
I don't mean to be unsociable, but shouldn't you be starting new
posts?

--Angus



More information about the Kerberos mailing list