Does the KDC provided by MicroSoft AD server work well with client API provided by MIT?
Mark Pröhl
mark at mproehl.net
Wed Dec 26 16:52:13 EST 2012
Am 26.12.2012 08:26, schrieb shuaijie wang:
> Hi all,
>
> Currently I have this requirements:
> 1. We use Microsoft Active Directory.
> 2. We have some client programs that build on top of krb5 libs provided by
> MIT.
>
> I want to ask if these client programs can work well with KDC server
> bundled with AD(That is, if these clients can apply TGT, renew TGT, run
> ktadd.... as if it is talking with MIT KDC server)?
>
> Thanks.
MIT Kerberos libraries play very well together witch Active Directory
based infrastructures. Requesting tickets with MIT's kinit or kvno only
relies on a proper configuration file /etc/krb5.conf (besides time
synchronization and DNS name resolution). Client programs that are
linked to the MIT libraries can as well use standard SRV Records from
DNS -- however they don't support AD's site concept and site specific
SRV records.
ktadd is part of the kadmin tool that is not compatible with AD. If you
need to manage keytabs on UNIX/Linux clients or servers in Active
Directory environments you should take a look at msktutil:
http://code.google.com/p/msktutil/
--
Mark Pröhl
mark at mproehl.net
www.kerberos-buch.de
More information about the Kerberos
mailing list