Using kerberos on windows machines without AD support
Guillaume Rousse
Guillaume.Rousse at inria.fr
Mon Oct 12 07:44:26 EDT 2009
Hello list.
We're authenticating our Windows users against our Unix kerberos domain,
through a trust relationship between our AD domain and this kerberos
domain. It works well for windows machines that belong to this domain,
because they automatically get a suitable TGT at login.
However, there is an issue for machines that doesn't belong to this
domain, either because they don't belong to any domain, or worse,
because they belong to another one for which I can't setup a trust
relationship. I know how to get a TGT with MIT kerberos client for
windows, that can be used by third-party applications such as putty, for
instance, but I can't have Explorer uses it for accessing CIFS shares,
or kerberos-protected web sites.
So, is there a way to manually populate the system kerberos credential
caches when the login procedure doesn't handle it ?
--
BOFH excuse #276:
U.S. Postal Service
More information about the Kerberos
mailing list