>Just thinking that it might be a little like NSS/PAM. In Linux
>I need Lib{PAM,NSS}-LDAP for uid/gid number mapping etc (authorization)
>and LibPAM-Krb5 for password (authentication)...

The Windows "solution" is, as previously mentioned, to have a local or Active Directory account for the user. That's where the authorization information comes from (in an AD domain it is included in the authorization data field of the ticket).

Note that enhancing a KDC to supply the necessary authorization data is not sufficient to eliminate the need for a local or Active Directory account. It is, as one might expect, a significantly more involved problem.

> Luke> Did you set the machine password with ksetup and create a
> Luke> machine principal on your KDC with the same password?
>
>Yes. I first tried with a random passwd and added that to the keytab.
>I then found the link to the step-by-step guide, so I re-did it,
>this time without adding it to the keytab.

Which keytab? There is no keytab on a Windows 2000 workstation. You need to do ksetup /SetComputerPassword to set the machine password in the LSA secret store. You can verify this with lsadump2.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos