[32396] in Kerberos
Re: Any way to propagate db
daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Jun 2 13:25:56 2010
Date: Wed, 2 Jun 2010 13:25:47 -0400
From: Simo Sorce <ssorce@redhat.com>
To: kerberos@mit.edu
Message-ID: <20100602132547.56dde659@willson.li.ssimo.org>
In-Reply-To: <AANLkTimmyCUxRC0ySCwHEpEN0A4yYAXGjWbgCO4-UQTi@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, 2 Jun 2010 10:04:25 -0700
Techie <techchavez@gmail.com> wrote:
> Ok, thank you for the information. I was hoping there was a way to do
> something similar to a kprop from AD to an MIT KDC using some kind of
> AD tool. But I also imagined that would not be the case since there
> are likely many incompatibilities.
> I think I need to read up on the Microsoft Kerberos documentation.
Note that merely propagating passwords does not give you a KDC that is
able to release tickets that are valid in the AD realm.
The only code currently able to extract that info reliably lives in the
development version of samba called samba4 and implements a full
Windows DC with native replication.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
