[19406] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Possible to use a Windows Domain and UNIX/MIT Kerberos Auth

daemon@ATHENA.MIT.EDU (Matthew Smith)
Wed Jun 11 15:56:12 2003

Message-ID: <3EE7867C.9000308@forsetti.com>
Date: Wed, 11 Jun 2003 15:43:56 -0400
From: Matthew Smith <matt@forsetti.com>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu

You can set up a trust from your AD Domain(s) to your Kerberos realm, 
and them use the userprincipal field of AD to map a AD user account to a 
kerb princ.  This allows you, effectively, to use your login info from 
your krb5 realm, but get a SID and other AD info (group membership, 
personal info, etc) from AD.

There is a whitepaper up on MS's site.
-Matt

MattW wrote:
> Esteemed Others,
> 
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
> 
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
> 
> thanks,
> 
> Matt
> 

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19406] in Kerberos

Re: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth

daemon@ATHENA.MIT.EDU (Matthew Smith)Wed Jun 11 15:56:12 2003

Re: Possible to use a Windows Domain and UNIX/MIT Kerberos Auth

daemon@ATHENA.MIT.EDU (Matthew Smith)
Wed Jun 11 15:56:12 2003