[29286] in Kerberos
AD using an external Kerberos realm
daemon@ATHENA.MIT.EDU (Jay Elvove)
Mon Feb 18 14:22:20 2008
From: "Jay Elvove" <jay@umd.edu>
To: <kerberos@mit.edu>
Date: Mon, 18 Feb 2008 14:21:22 -0500
Message-ID: <KNECKKHPGBOGKLKDPGFJIEFBDIAA.jay@umd.edu>
MIME-Version: 1.0
In-Reply-To: <cc5e5bc9-cced-43c3-8a2d-3c349007b97a@e10g2000prf.googlegroups.com>
Reply-To: jay@umd.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Last month, a colleague of mine sent a message to the Windows Higher
Ed list asking about possible problems authenticating certain Microsoft
applications to an external KDC. We're getting ready to roll out our
very first campus-wide Active Directory environment, which will include
Exchange 2007 and Microsoft SharePoint Server (MOSS) 2007. User accounts
and other data will be populated into AD using Microsoft Identify
Lifecycle Manager 2007. The plan, which thus far has worked successfully
in test, is to store user passwords in our Heimdal KDC and force all
authentications to occur through the external KDC
Several key departments have voiced concerns over whether or not web
authentication to applications such as MOSS 2007, Outlook Web Access
(OWA) and Citrix will work using an external KDC.
We received a lot of good information from the Windows Higher Ed list, but
I thought it might be valuable to get feedback from the folks who support
external KDCs as well. Are there any major gotchas that those of us
who support Kerberos or the Windows community at large should be aware
of?
Thanks,
Jay
-----
Jay Elvove
Distributed Computing Services
University of Maryland
Office of Information Technology
Computer & Space Sciences Building
Room 1301A
College Park, MD 20742
jay@umd.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
