it is possible... we have several cross realm domains setup... this allows cross realm communications and users from one domain get tickets in another. once it's setup, it's fairly seamless
The Microsoft paper was invaluable... but you MUST follow it step by step. AND if your NETBIOS REALM and your K5 REALM are the same, one of them has to change. anyone wanting more direct questions or consulting can email me of list [EMAIL PROTECTED] -----Original Message----- From: Matthew Smith To: [EMAIL PROTECTED] Sent: 6/11/2003 2:43 PM Subject: Re: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth You can set up a trust from your AD Domain(s) to your Kerberos realm, and them use the userprincipal field of AD to map a AD user account to a kerb princ. This allows you, effectively, to use your login info from your krb5 realm, but get a SID and other AD info (group membership, personal info, etc) from AD. There is a whitepaper up on MS's site. -Matt MattW wrote: > Esteemed Others, > > Is it possible to use Windows2000 Active Directory service, and > benefit from the centralized user and group info, but to use > Kerberos hosted on a linux machine as the Authentication piece? > > I see descriptions on the net for using Kerberos to Authenticate, > but none of them seem to include a domain setup. Is this an > either-or scenario? > > thanks, > > Matt > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
