Does the KDC provided by Microsoft AD server work well with client API provided by MIT?

Mark Pröhl mark at mproehl.net
Wed Dec 26 16:52:13 EST 2012


On 26.12.2012 08:26, shuaijie wang wrote:
> Hi all,
>
> Currently I have these requirements:
> 1. We use Microsoft Active Directory.
> 2. We have some client programs that are built on top of the krb5 libs provided by
> MIT.
>
> I want to ask if these client programs can work well with the KDC server
> bundled with AD (that is, if these clients can apply for a TGT, renew a TGT, run
> ktadd.... as if they were talking to an MIT KDC server)?
>
> Thanks.


MIT Kerberos libraries play very well together with Active Directory
based infrastructures. Requesting tickets with MIT's kinit or kvno only 
relies on a proper configuration file /etc/krb5.conf (besides time 
synchronization and DNS name resolution). Client programs that are 
linked to the MIT libraries can as well use standard SRV Records from 
DNS -- however they don't support AD's site concept and site specific 
SRV records.

ktadd is part of the kadmin tool that is not compatible with AD. If you 
need to manage keytabs on UNIX/Linux clients or servers in Active 
Directory environments you should take a look at msktutil: 
http://code.google.com/p/msktutil/

-- 
Mark Pröhl
mark at mproehl.net
www.kerberos-buch.de
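
A sketch of the /etc/krb5.conf the reply refers to, as an added example that is not part of the original message. The realm EXAMPLE.COM and the hosts dc1/dc2.example.com are constructed placeholders; the explicit kdc entries are one way to keep clients on nearby domain controllers, given that site-specific SRV records are not used.

```ini
# /etc/krb5.conf for an MIT Kerberos client in an Active Directory realm.
# EXAMPLE.COM and dc1/dc2.example.com are placeholders (assumptions).

[libdefaults]
    # AD realm name: the AD DNS domain in upper case.
    default_realm = EXAMPLE.COM

    # Locate KDCs through the standard _kerberos._udp / _kerberos._tcp
    # SRV records when no kdc entry is configured for a realm.
    dns_lookup_kdc = true

    # Do not derive the realm from DNS TXT records; rely on the
    # [domain_realm] mapping below instead.
    dns_lookup_realm = false

    # Do not use reverse DNS when canonicalizing service host names.
    rdns = false

    # Requested lifetimes; the AD domain policy still caps them.
    ticket_lifetime = 10h
    renew_lifetime = 7d

    # Maximum tolerated clock difference in seconds (library default).
    # Keep clients synchronized with the domain controllers.
    clockskew = 300

[realms]
    EXAMPLE.COM = {
        # Explicit KDC entries take precedence over SRV lookups for this
        # realm. List domain controllers close to the client here.
        kdc = dc1.example.com
        kdc = dc2.example.com
        # Password changes (kpasswd) are served by domain controllers.
        kpasswd_server = dc1.example.com
    }

[domain_realm]
    # Map DNS host names to the realm.
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
```

With this file in place, `kinit user@EXAMPLE.COM` followed by `klist` shows whether a TGT was issued by the domain controller.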


