[31571] in Kerberos
Using kerberos on windows machines without AD support
daemon@ATHENA.MIT.EDU (Guillaume Rousse)
Mon Oct 12 07:45:21 2009
X-Barracuda-Envelope-From: Guillaume.Rousse@inria.fr
Message-ID: <4AD3169A.9030000@inria.fr>
Date: Mon, 12 Oct 2009 13:44:26 +0200
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello list.
We're authenticating our Windows users against our Unix kerberos domain,
through a trust relationship between our AD domain and this kerberos
domain. It works well for windows machines that belong to this domain,
because they automatically get a suitable TGT at login.
However, there is an issue for machines that doesn't belong to this
domain, either because they don't belong to any domain, or worse,
because they belong to another one for which I can't setup a trust
relationship. I know how to get a TGT with MIT kerberos client for
windows, that can be used by third-party applications such as putty, for
instance, but I can't have Explorer uses it for accessing CIFS shares,
or kerberos-protected web sites.
So, is there a way to manually populate the system kerberos credential
caches when the login procedure doesn't handle it ?
--
BOFH excuse #276:
U.S. Postal Service
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
