syncing MIT Kerberos to Active Directory
tpugielli at tti-wireless.com
Mon Oct 5 22:23:23 EDT 2015
Excellent, Thank You for the response.
For service related issues, please call 732-553-9100 option 2, option 2 to speak with our TAC engineers. Email is not monitored for service requests.
Manager of Systems Engineers
Turn-key Technologies, Inc. (TTI Wireless)
2400 Main St. Ext. Suite 12 Sayreville, NJ 08872
(W) 732-553-9100 ext. 123
From: Russ Allbery [mailto:eagle at eyrie.org]
Sent: Monday, October 5, 2015 4:26 PM
To: Tony Pugielli <tpugielli at tti-wireless.com>
Cc: kerberos at mit.edu
Subject: Re: syncing MIT Kerberos to Active Directory
Tony Pugielli <tpugielli at tti-wireless.com> writes:
> Good day, I have an environment with MIT Kerberos and Active
> Directory. Is there a way to keep both databases (username and
> password) in sync? The use case is 802.1x authentication. EAP-GTC is
> not native to many devices so we want to use Active Directory so we
> can take advantage of the more widely native supplicant PEAP-MSCHAPV2.
> We would prefer the user only need to keep track of one username and
> password. Right now the Kerberos MIT database is widely used for their
> single sign-on applications.
You may find:
useful, although it only does passwords. I believe there is a krb5-adsync package somewhere based on that which also creates accounts.
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos