Hi,
There is also a Windows SSP that allowed you to do what you want, and a couple of things you maybe are only thinking on, as create authorized accounts on the fly. I'm not aware of improvements (again since two years), but I did the work more or less nicely (needed to patch to not remove local accounts if something fails). It is at http://sc-ap.sourceforge.net/
I did the sc-ap thingy. It is "only" a wrapper around the kerberos SSP, creating accounts on the fly before kerberos is doing its work.
I would be happy to proceed, if anyone has an idea to improve sc-ap. Please send me patches, I would be happy to include.
There is one thing I did not publish until now: I have a patch to extract most of the cleartext password (at least with XP) with sc-ap, since Microsoft only did an easy "encrypting".
On the positive side: The knowledge of the algorithm to reconstruct cleartext password would be a huge step in the direction to write MS independant SSP's.
> I cannot tell you if any of these allow any kind of roaming profile, > in case you need it.If I remember correctly Roaming profiles are quite difficult, since the corresponding client technology is quite undocumented, AFAIK. If someone has a pointer ...
Greetings, Olaf Flebbe
begin:vcard fn:Olaf Flebbe n:Flebbe;Olaf org;quoted-printable:science+computing ag;IT Services T=C3=BCbingen adr;quoted-printable:;;Hagellocher Weg 73;T=C3=BCbingen;;72070;Germany email;internet:[email protected] title:Chief Software Architect tel;work:+49 7071 9457 254 tel;fax:+49 7071 9457 511 x-mozilla-html:FALSE url:http://www.science-computing.de version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
