Mel Riser wrote: > > > the Win2k KDC has to be the primary, That's annoying.
> but Linux boxes or other OS's running kerberos can be backups. Replication is the > problem though. Any pointers on how to make that work? > > an easier solution would be to setup a windows realm for Win2k KDC and a cross realm > trust with a linux box in a different realm. > We were doing this (with Solaris, not Linux), but when the bug and fix for the cross-realm security hole came out a few months ago, that caused it all to break (we need krb4 cross-realm auth because AFS is in the picture). So, we're basically running an older un-patched krb524d in order to keep things working ... but that doesn't make me comfortable in the long run, so I'm looking for other solutions. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
