Re: Win Kerb Server
Is this possible without having Access to the Win2003 DC? On 2/8/07, Christopher D. Clausen [EMAIL PROTECTED] wrote: Gayal [EMAIL PROTECTED] wrote: Hi, I want to implement SSO with Win2003 Server for Linux Clients. But I dont have access to Win2003 Server. ex:creating keytab files are not possible. So i installed MIT Kerberos KDC server to a Debian Etch and try to implement SSO for Linux Client. I assume above proceedures can be done on Win2003 too becasue it has a Kerberos Server. Am i correct? Yes, using Microsoft's Active Directory. CDC -- Gayal Rupasinghe SU-APIIT Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it http://Gayal.zapto.org Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Win Kerb Server
Gayal [EMAIL PROTECTED] wrote: On 2/8/07, Christopher D. Clausen [EMAIL PROTECTED] wrote: Gayal [EMAIL PROTECTED] wrote: Hi, I want to implement SSO with Win2003 Server for Linux Clients. But I dont have access to Win2003 Server. ex:creating keytab files are not possible. So i installed MIT Kerberos KDC server to a Debian Etch and try to implement SSO for Linux Client. I assume above proceedures can be done on Win2003 too becasue it has a Kerberos Server. Am i correct? Yes, using Microsoft's Active Directory. Is this possible without having Access to the Win2003 DC? Depends upon what you mean by access. You may need to have a domain administrator create the principals for you or otherwise extract the keytabs. You do not need logon access or even domain administrator access. You only need to be able to create new user / computer accounts and then run a few commands to extract the keytabs. This permission can be delegated to you by a domain admin. You might want to consider having the domain admin setup a Kerberos cross-realm trust to your MIT Kerberos realm. That might be easier than having keytabs for all machines in Active Directory. CDC Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos