At 09:41 AM 6/10/2004, Jeffrey Altman wrote:
This is another reason why I like the cross-realm solution for managing non-Windows services. Let Active Directory manage the Windows based services and an MIT KDC manage the non-Windows services. Use cross-realm between the two to obtain the service tickets for the non-Windows services.
Right, and I'm finding this solution sucks because Microsoft needs the PAC for authorizing anything. The way things are going it looks like using a Microsoft AD for a KDC is the "better" solution if you ever need to use Microsoft services from a client that doesn't know about the trust. In our case this is the fate we have run into when trying to truely kerberize Exchange, you can't. I think the whole Kerberos interoperability marketing by Microsoft is just a ghost, a facad. In fact, unless you use AD as the KDC in your organization, you are looking at more hurt than help.
Rodney
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
