Is it possible to authenticate Windows clients against MIT Kerberos (no AD)?
Jaap Winius
jwinius at umrk.nl
Fri Apr 1 21:01:32 EDT 2011
Quoting Cosimo La Torre <latorrecosimo80 at gmail.com>:
> I have been trying to configure a WinXP client to authenticate against MIT
> Kerberos V with no success (linux clients all work fine)...
Yes, of course it is. Just use the Kerberos client for Windows:
http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2.html
However, all this gets you is bare-bones Kerberos authentication; you
still need to log in to Windows first. So, you might consider
combining that with the pGina client...
http://www.pgina.org/index.php/Main_Page
... and the Kerberos plugin for it:
http://pages.cs.wisc.edu/~timc/pgina/
But, even if you get all that to work, your users will still need
local accounts on all the Windows workstations before they can log in;
local accounts are not created for them automatically, nor are they
stored on the network.
If you don't like that idea, it seems that currently your only other
options are either to buy a license for a M$ Windows server, or wait
for Samba4:
https://wiki.samba.org/index.php/Samba4
Cheers,
Jaap
More information about the Kerberos
mailing list