> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Heide > Sent: Tuesday, September 02, 2003 10:43 PM > To: [EMAIL PROTECTED] > Subject: Win2000 PAC-Credentials Implementation > > Hi there! > > I wanted to have Windows 2000 Clients authenticate against a > MIT Kerberos > 1.3.1 KDC. But during implementation I came across some questions: > > 1. Is there an implementation for the Windows 2000 additional > authorization information, which they keep in their tickets? > There is an internet draft (which is expired), but is there > an implementation as well? AFAIK there is no implementation released by Microsoft or others. The PAC specification can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/ html/MSDN_PAC.asp > > 2. Does any one know, why MS messes up DNS with certain > _mscd, _tcp (etc.) Domains? What is the sense behind this? > These are SRV records that support service location. The _msdcs is used for dc location. The _tcp, _udp for the KDC.
> 3. Is there a backend for LDAP in MIT Kerberos? Could as well > be beta, because this is only a case study until now. > > 4. Did anyone get it to run? (both, LDAP and/or Win2000 Clients) > You can get W2K clients to work against a MIT KDC even without having any PAC support on the MIT KDC. You will have to use ksetup to map the kerberos users to local accounts. See http://www.microsoft.com/windows2000/techinfo/planning/security/kerbstep s.asp > Overall goal would be, to have some kind of active directory, > but based on Open Source Software. > > Thanks in advance, > tobi > -- > System Administrator DAASI International GmbH > http://www.daasi.de ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos This posting is provided "AS IS" with no warranties, and confers no rights. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
