Any way to propagate db

Wilper, Ross A rwilper at stanford.edu
Wed Jun 2 13:35:05 EDT 2010


That is true. I oversimplified a bit. This would allow you to have a KDC with equivalent principals. You would need a trust relationship and the external principal names set on the AD users as alternate security identities for the synchronized principals to work for Windows logon, etc. I had simply assumed this scenario.

-Ross

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Simo Sorce
Sent: Wednesday, June 02, 2010 10:26 AM
To: kerberos at mit.edu
Subject: Re: Any way to propagate db

On Wed, 2 Jun 2010 10:04:25 -0700
Techie <techchavez at gmail.com> wrote:

> Ok, thank you for the information. I was hoping there was a way to do
> something similar to a kprop from AD to an MIT KDC using some kind of
> AD tool. But I also imagined that would not be the case since there
> are likely many incompatibilities.
> I think I need to read up on the Microsoft Kerberos documentation.

Note that merely propagating passwords does not give you a KDC that is
able to release tickets that are valid in the AD realm.

The only code currently able to extract that info reliably lives in the
development version of samba called samba4 and implements a full
Windows DC with native replication.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos