Gayal <[EMAIL PROTECTED]> wrote: > On 2/8/07, Christopher D. Clausen <[EMAIL PROTECTED]> wrote: >> Gayal <[EMAIL PROTECTED]> wrote: >>> Hi, >>> I want to implement SSO with Win2003 Server for Linux Clients. >>> But I dont have access to Win2003 Server. ex:creating keytab files >>> are not possible. >>> So i installed MIT Kerberos KDC server to a Debian Etch and try to >>> implement SSO for Linux Client. >>> >>> I assume above proceedures can be done on Win2003 too becasue it >>> has a Kerberos Server. >>> Am i correct? >> >> Yes, using Microsoft's Active Directory. >> > Is this possible without having Access to the Win2003 DC?
Depends upon what you mean by "access." You may need to have a domain administrator create the principals for you or otherwise extract the keytabs. You do not need logon access or even "domain administrator" access. You only need to be able to create new user / computer accounts and then run a few commands to extract the keytabs. This permission can be delegated to you by a domain admin. You might want to consider having the domain admin setup a Kerberos cross-realm trust to your MIT Kerberos realm. That might be easier than having keytabs for all machines in Active Directory. <<CDC ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos