Does the KDC provided by MicroSoft AD server work well with client API provided by MIT?

Russ Allbery rra at stanford.edu
Wed Dec 26 13:17:16 EST 2012


shuaijie wang <wangshuaijie at gmail.com> writes:

> Currently I have this requirements:
> 1. We use Microsoft Active Directory.
> 2. We have some client programs that build on top of krb5 libs provided by
> MIT.

> I want to ask if these client programs can work well with KDC server
> bundled with AD(That is, if these clients can apply TGT, renew TGT, run
> ktadd.... as if it is talking with MIT KDC server)?

All the normal Kerberos protocol operations will work fine.  kpasswd
should also work fine.  Nothing related to the kadmin protocol (in other
words, anything that you would run the kadmin client to do) will work.
You'll need to use other tools (either Microsoft's native tools or
third-party tools for UNIX that work with AD) to do things like create
keytabs.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list