Is it possible to authenticate Windows clients against MIT Kerberos (no AD)?

Jaap Winius jwinius at umrk.nl
Fri Apr 1 21:01:32 EDT 2011


Quoting Cosimo La Torre <latorrecosimo80 at gmail.com>:

> I have been trying to configure a WinXP client to authenticate against MIT
> Kerberos V with no success (linux clients all work fine)...

Yes, of course it is. Just use the Kerberos client for Windows:

    http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2.html

However, all this gets you is bare-bones Kerberos authentication; you  
still need to log in to Windows first. So, you might consider  
combining that with the pGina client...

    http://www.pgina.org/index.php/Main_Page

... and the Kerberos plugin for it:

    http://pages.cs.wisc.edu/~timc/pgina/

But, even if you get all that to work, your users will still need  
local accounts on all the Windows workstations before they can log in;  
local accounts are not created for them automatically, nor are they  
stored on the network.

If you don't like that idea, it seems that currently your only other  
options are either to buy a license for a M$ Windows server, or wait  
for Samba4:

    https://wiki.samba.org/index.php/Samba4

Cheers,

Jaap




More information about the Kerberos mailing list