[19408] in Kerberos
RE: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth
daemon@ATHENA.MIT.EDU (Mel Riser)
Wed Jun 11 16:16:01 2003
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Wed, 11 Jun 2003 15:15:44 -0500
Message-ID: <A0E465D8EE21FE4EA9DB3C11F48EB1FB5F5CED@europa.mesas.mis>
From: "Mel Riser" <mel.riser@fxfn.com>
To: "Matthew Smith " <matt@forsetti.com>, <kerberos@mit.edu>
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu
it is possible... we have several cross realm domains setup... this allows cross realm communications and users from one domain get tickets in another. once it's setup, it's fairly seamless
The Microsoft paper was invaluable... but you MUST follow it step by step.
AND if your NETBIOS REALM and your K5 REALM are the same, one of them has to change.
anyone wanting more direct questions or consulting can email me of list
mel.riser@fxfn.com
-----Original Message-----
From: Matthew Smith
To: kerberos@mit.edu
Sent: 6/11/2003 2:43 PM
Subject: Re: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth
You can set up a trust from your AD Domain(s) to your Kerberos realm,
and them use the userprincipal field of AD to map a AD user account to a
kerb princ. This allows you, effectively, to use your login info from
your krb5 realm, but get a SID and other AD info (group membership,
personal info, etc) from AD.
There is a whitepaper up on MS's site.
-Matt
MattW wrote:
> Esteemed Others,
>
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
>
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
>
> thanks,
>
> Matt
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
