>
> On Thursday, January 12, 2006 01:42:54 PM +0100 Bjorn Tore Sund
> <[EMAIL PROTECTED]> wrote:
>
>
>>University of Bergen is setting up a unix/linux Kerberos realm to handle
>>logons on our unix/linux clients and servers (about 1500). Our problem
>>is that all 30.000 users needs principals on the KDC,
Why duplicate the user?
You could do cross realm between the AD realm and the Kerberos realm.
so you only need the hosts principals registered in the MIT based kerberos
realm. Let the users stay in AD. This is what we have done for years.
Another approach is to add the unix host principals to AD, so you
don't have to setup any new realms. We are starting to migrate the
host principlas to AD.
>>and we'd rather
>>not have to run all of them through having to type their password
>>somewhere.
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
