RE: [ActiveDir] Kerberos Info
Yep, I agree. 'tiswhy I included their myth's link. =) We (and when I say we I mean our UNIX folks, not me) have been working on kerberos integration with AD for a couple of years now. Massive issues with cross realm (cross domain) and service location and some small issues with keytab generation. Also now with Windows 2003, HPUX can't use the keytabs because they use the weakest form of encryption I guess which MS disabled in K3. Its all fun. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike WelbornSent: Sunday, May 02, 2004 8:34 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Kerberos Info JoeIf you are interested in true *nix integration with Active Directory, check out a company named Vintela. They have a great solution but you will pay for it. Mike W. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Sunday, May 02, 2004 6:09 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Kerberos Info In line with an earlier post where I said that LDAP isn't for authentication, kerberos is. Here are some kerberos links for folks. The last one is from a vendor who sells a product to help but it interesting reading due to them pointing out some of the shortcomings of some of the *nix solutions to integrate into the Windows world. Good things to know BEFORE you dive into trying to do it. http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx http://www.vintela.com/support/docs/vas/2.4/VAS_Myths.pdf joe
RE: [ActiveDir] Kerberos Info
JoeIf you are interested in true *nix integration with Active Directory, check out a company named Vintela. They have a great solution but you will pay for it. Mike W. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, May 02, 2004 6:09 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Kerberos Info In line with an earlier post where I said that LDAP isn't for authentication, kerberos is. Here are some kerberos links for folks. The last one is from a vendor who sells a product to help but it interesting reading due to them pointing out some of the shortcomings of some of the *nix solutions to integrate into the Windows world. Good things to know BEFORE you dive into trying to do it. http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx http://www.vintela.com/support/docs/vas/2.4/VAS_Myths.pdf joe
Re: [ActiveDir] Kerberos Info
Hey Mike, How about clicking on that last link that Joe provided? On May 2, 2004, at 8:33 PM, Mike Welborn wrote: x-tad-biggerJoeIf you are interested in true *nix integration with Active Directory, check out a company named Vintela./x-tad-bigger x-tad-biggerThey have a great solution but you will pay for it./x-tad-bigger x-tad-bigger/x-tad-bigger x-tad-biggerMike W./x-tad-bigger x-tad-bigger/x-tad-bigger x-tad-bigger/x-tad-bigger x-tad-biggerFrom:/x-tad-biggerx-tad-bigger [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] /x-tad-biggerx-tad-biggerOn Behalf Of /x-tad-biggerx-tad-biggerjoe/x-tad-bigger x-tad-biggerSent:/x-tad-biggerx-tad-bigger Sunday, May 02, 2004 6:09 PM/x-tad-bigger x-tad-biggerTo:/x-tad-biggerx-tad-bigger [EMAIL PROTECTED]/x-tad-bigger x-tad-biggerSubject:/x-tad-biggerx-tad-bigger [ActiveDir] Kerberos Info/x-tad-bigger x-tad-biggerIn line with an earlier post where I said that LDAP isn't for authentication, kerberos is. Here are some kerberos links for folks. The last one is from a vendor who sells a product to help but it interesting reading due to them pointing out some of the shortcomings of some of the *nix solutions to integrate into the Windows world. Good things to know BEFORE you dive into trying to do it./x-tad-bigger x-tad-bigger /x-tad-bigger x-tad-biggerhttp://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp/x-tad-bigger x-tad-biggerhttp://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx/x-tad-bigger x-tad-biggerhttp://www.vintela.com/support/docs/vas/2.4/VAS_Myths.pdf/x-tad-bigger x-tad-bigger joe/x-tad-bigger
