[7468] in Kerberos
Re: DCE and terminal servers
daemon@ATHENA.MIT.EDU (Chris Cowan)
Wed Jun 12 17:23:52 1996
To: kerberos@MIT.EDU
Date: 12 Jun 1996 13:34:24 -0500
From: cc@mantis.austin.ibm.com (Chris Cowan)
Reply-To: cc@austin.ibm.com
>>>>> "Rich" == Rich Salz <rsalz@osf.org> writes:
Rich> In <w5wk9xerodk.fsf@mantis.austin.ibm.com> cc@austin.ibm.com writes:
>> In the interim between now and DCE 1.2.2 is it possible that kprop could
>> be used to make run an MIT K5 slave from a DCE master?
Rich> If you have DCE source you could do some serious hacking to make kprop
Rich> read the DCE security database and filter out and propagate the kerberos
Rich> stuff. A few weeks of hard-core programming time, at least.
Rich> /r$
Just want to make sure I have this straight.
According to Sam Hartman, all I need is K5 dump, kprop is just a
transport util. After reading the K5 docs it appears to that this is
normally produced by kdb5_edit with the dump_db (ddb) subcommand.
Is the registry one monolithic database or is it really several
different DB's joined together. Is there any chance that any DCE or
K5 utils to get to the pertinent KDC info? How
compatible/incompatible are kdb5_edit and secd?
Also, I'm hoping that we (meaning people who are using DCE day in/day
out) can convince you (OSF) to expose this function. It would be
invaluable for people with "legacy" kerberos systems (K4 and AFS), who
would like to consolidate to a single realm. I realize that I have
the luxury of working at IBM and have that vehicle for OSF requests.
(But, I only have a single vote or voice).
Thanks,
--
Chris Cowan
ISSC (DCE/DSM Architecture)
-------------------------------------------------------------------------
Phone: 512-823-0113 FAX: 512-823-0727
--
"Writing about music is like dancing about architecture."
Thelonious Monk
