> So I was looking for alternatives. MS's SFU ssod looks ok but only > supports NIS password changes (out of the box). I don't suppose anyone > has changed ssod to support Kerberos password changes.
I guess you already have an AD, so you don't need either CEDAR nor password sync. The only thing you need is the schema extension from SFU (not the NIS thing). Using pam-krb5 and nss-ldap will give you a high degree of integration, at least as good as with any password replication and much easier. If you want to turn unix workstations/servers domain members, you can choose from adkadmin (http://www.css-security.com/cgi-bin/dnld_list.pl), ktpass.exe (from W2K support tools, don't remember the exact name) or samba (>=3). I made such setup with a 2003 AD around 2004 and it worked fine. I did even got an apache server as domain "member", allowing GSSAPI and single-sign-on. > Or knows of a better password change hook in windows (and not too > pricey). On the non-open world you have vintela (never used and no idea about price) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
