Scott,
Sounds like we're both trying to do the same thing... Im at the University of Washington in Seattle in a small group - we have NT 4 now and are going to upgrade to windows 2000 w/active directory soon and want to use a Linux-MIT-Kerberos server as our master authentication. So all passwords will reside on the linux/MIT/Kerberos5 Server and Windows login authentication will reference those credentials. We havent implemented this yet, but we're in the process of learning about it.... The best windows-side pages I've found about this are the following link - I hope you'll find them useful... http://www.coe.uncc.edu/~rmdyer/krblogon.htm http://ofb.net/~jheiss/krbldap/ http://www.washington.edu/computing/support/windows/2000/altsecid.html http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp -Matt Scott Ehrlich wrote: > I am preparing to implement either a Windows 2000 or Windows 2003 Server > domain with AD for 1000+ people, and we plan to have separate UNIX-based > Kerberos and LDAP servers. This is for an MIT independent lab with a very > heterogenious environment, so PAM (pluggable authentication modules) for > the UNIX clients will not be friendly options. I'm part of the system > team. > > The goal will be to set up the Win Server with AD, have Windows clients > join as workstations. Then, with accounts and security being shared > between the LDAP and Kerberos servers, allow users to log into any > workstation of choice (or multiple workstations), do whatever they want - > (change passwords, work on research, etc), and have all authentication > to/from the Windows clients simply pass through the domain controller, so > we don't have to deal with two Kerberos and LDAP environments (one being > the independent servers, the other being the domain controller). > > The ultimate goal will be the ability of users to log into UNIX and > Windows workstations alike with the same credentials, and all > authentication pointing singly at the LDAP and Kerberos servers only. > > Thanks for ANY leads. I've got some URLs, but I want as much info as > possible, for I'm the key implementor of this for the Microsoft-side :-| > > Scott ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos