Christopher D. Clausen wrote:
"ksetup /mapuser * *" does not map all users to a single account. It maps Kerberos principals to local accounts (if they exist) whose username matches the first component of the principal. However, Windows will not create accounts on the fly. A GINA could definitely do that for XP (but not Vista). I don't know if a Network Provider could do it. I'm thinking not because by the time the Network Provider has been called I believe the SID of the user must be determined.

Victor Sudakov <[EMAIL PROTECTED]> wrote:

I have configured Windows XP to use a Heimdal KDC for user authentication. All existing Windows users can authenticate against the KDC, user mapping is "ksetup /mapuser * *".

However, Windows does not create a new local user with the same name as the Kerberos principal I try to authenticate as.

No, Windows does not, nor should it. You mapped all principals to a single user account. If you want separate accounts, you'll need to actually create the accounts ahead of time and map the principal to the individual accounts.

Jeffrey Altman
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
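
A pre-logon audit for the wildcard mapping described in the thread, as an added example that is not part of the original messages: it derives the first component of each principal and reports which ones have no matching local account yet. The principal names and the helper functions Get-FirstComponent and Test-LocalAccount are hypothetical, and the parsing assumes names contain no escaped "/" or "@".

```powershell
# Added example, not code from the thread. Run on the workstation that has
# "ksetup /mapuser * *" configured. Written to work on PowerShell 2.0.

# Constructed sample principals; replace with the ones expected to log on.
$Principals = @(
    'alice@EXAMPLE.ORG',
    'bob@EXAMPLE.ORG',
    'carol/admin@EXAMPLE.ORG'
)

function Get-FirstComponent {
    param([Parameter(Mandatory = $true)][string]$Principal)
    # Drop the realm, then keep the text before the first "/".
    # Assumption: no escaped "/" or "@" inside the principal name.
    $name = ($Principal -split '@', 2)[0]
    return ($name -split '/', 2)[0]
}

function Test-LocalAccount {
    param([Parameter(Mandatory = $true)][string]$Name)
    # "net user <name>" exits non-zero when the local account does not exist.
    & net.exe user $Name 2>&1 | Out-Null
    return ($LASTEXITCODE -eq 0)
}

$report = foreach ($p in $Principals) {
    $account = Get-FirstComponent -Principal $p
    New-Object PSObject -Property @{
        Principal    = $p
        LocalAccount = $account
        Exists       = (Test-LocalAccount -Name $account)
    }
}

$report | Select-Object Principal, LocalAccount, Exists | Format-Table -AutoSize

# Windows will not create these accounts at logon; an administrator has to
# create each one before the corresponding principal can log on.
$missing = @($report | Where-Object { -not $_.Exists } |
    ForEach-Object { $_.Principal })
if ($missing.Count -gt 0) {
    Write-Warning ("No local account for: " + ($missing -join ', '))
}
```

Note that carol/admin@EXAMPLE.ORG and a plain carol@EXAMPLE.ORG would both resolve to the local account carol under this rule, so review multi-component principals before relying on the wildcard mapping.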
