> >Is anyone aware of any product that can sync passwords > between an MIT > >Kerberos KDC and MS Active Directory? > > Alf Wachsmann at SLAC is doing this with Heimdal. > > Personally I'd rather only have the passwords (keys actually) stored > in one of the two, and I'd rather it wasn't the commercial product. > Institutional requirements differ though. > -- > The opinions expressed in this message are mine, > not those of Caltech, JPL, NASA, or the US Government. > [EMAIL PROTECTED], or [EMAIL PROTECTED] >
I agree completely. We want to move away from AD and over to Kerb. But the password syncing was a compromise between us (the Unix guys) and Windows guys. We plan to do it on a non-permanent basis as a way of (a) migrating passwords from Windows to Kerb by trapping password change events over the next 3 or 4 months and (b) continuing to allow non-Kerb (NTLM only) apps to still login with the same "one username/one password." If either of you can help me out, I'd be greatful. -- DK ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
