[19627] in Kerberos
Re: Windows 2000 Server as KDC
daemon@ATHENA.MIT.EDU (John Rudd)
Mon Jul 21 20:13:18 2003
Message-ID: <3F1C800B.489E35C5@ucsc.edu>
Date: Mon, 21 Jul 2003 17:06:35 -0700
From: John Rudd <jrudd@ucsc.edu>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
Mel Riser wrote:
>
> The Win2k KDC has to be the primary,

That's annoying.

> but Linux boxes or other OS's running Kerberos can be backups. Replication is the problem though.

Any pointers on how to make that work?

> An easier solution would be to set up a Windows realm for Win2k KDC and a cross-realm trust with a Linux box in a different realm.
>

We were doing this (with Solaris, not Linux), but when the bug and fix
for the cross-realm security hole came out a few months ago, that caused
it all to break (we need krb4 cross-realm auth because AFS is in the
picture). So, we're basically running an older unpatched krb524d in
order to keep things working ... but that doesn't make me comfortable in
the long run, so I'm looking for other solutions.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos