[14501] in Kerberos
Re: windows 2000 and an mit kdc
daemon@ATHENA.MIT.EDU (Dirk Kastens)
Wed May 30 03:43:46 2001
From: "Dirk Kastens" <dkastens@uos.de>
Date: Wed, 30 May 2001 09:27:19 +0200
Message-ID: <9f27c3$33l$1@newsserver.rrzn.uni-hannover.de>
To: kerberos@MIT.EDU
Hi,
> Did you look at any other UNIX based KDCs - e.g. Sun's "SEAM"?
No, I first used the MIT Kerberos 5-1.2.2 server and now the IBM
Network Authentication Service 1.1.0.
> What can you actually do now that you have connected Windows 2000 to your MIT
> KDC - i.e. do you get Kerberos clients built into Windows 2000 - what are
> they, telnet & ftp? Are they any good? Or do you use some other Windows
> Kerberos clients from some other supplier?
No, I only used Kerberos for the login on w2k. The drawback is that
you still have to create local users on the workstations. Then you can
map local accounts to Kerberos accounts.
> Why didn't you use the Windows 2000 KDC - was it because it couldn't be used
> by the UNIX clients?
No, it can be used by Unix clients. But we don't trust Microsoft. Unix
Kerberos is a standard authentication system and the w2k Kerberos is
compatible at the moment. But nobody knows what Microsoft will do in the
future (will Windows XP still be compatible?). We are in the process of
implementing a central user database and we don't want to depend on
Microsoft. So we will use a Unix LDAP server and (probably later) use
Kerberos as the standard authentication system.
Dirk