-----BEGIN PGP SIGNED MESSAGE----- In article <[EMAIL PROTECTED]>, Derek Yarnell <[EMAIL PROTECTED]> wrote: >> >> - The long and short of it, is that if you want to support W2k >> services, you HAVE to run a W2k Active Directory server. You don't >> have to keep user passwords in it, but you have to run it. >> > >So wait you are saying there is a way to pass through the krb5 auth to >a MIT kdc? How can I do this, while running W2K Active Directory for >things like exchange... etc.. >
- - I can't give much more than a brief outline. I suggest you look into the highered W2K email list archives for more precise detail. Basically, you set up a cross-realm trust btw the AD and the mit KDC. You then create dummy w2K accounts for each user and set things up so that [EMAIL PROTECTED] can "log in" to the AD realm under the [EMAIL PROTECTED] realm. - - The drawback of this approach is that many windows apps want to use NTLMV2 which is not supported in this configuration. - - Booker C. Bense -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBPQUcqAD83u1ILnWNAQFGSwP+PCifikOKFiXcUzkO77mSMkRt6s+Fe3TF aExeax2wkXDDw5vsfjyuMicqrbR5yyAAH+sKqE/0pu1tqhM7u23Oy1Qpm0x4OIRU qu4p6DUqP9w9AiSJQiQ4KEa+zoeefcrMDu1Jdu1kuErxPCTk7SmehFoHR1gtumh1 ZeEoAaplBEc= =rBNC -----END PGP SIGNATURE----- -- ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
