This is possible using the built-in Microsoft Kerberos as well without adding software. There are a few threads from this list about how to do it.
Basically, you need to:

1. Use KSetup to configure the Windows machine with settings about your MIT realm.
2. Create a host principal on the MIT KDC and set the same machine password with ksetup to "Join" the MIT realm.
3. Use Ksetup to map MIT users to local SAM users.

Also remember that Windows does not support all enctypes, so your KDC will have to support at least one of:

    DES-CBC-CRC
    DES-CBC-MD5
    RC4-HMAC
    AES-128 (Vista +)
    AES-256 (Vista +)

-Ross

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jaap Winius
Sent: Friday, April 01, 2011 6:02 PM
To: [email protected]
Subject: Re: Is it possible to authenticate Windows clients against MIT Kerberos (no AD)?

Quoting Cosimo La Torre <[email protected]>:

> I have been trying to configure a WinXP client to authenticate against MIT
> Kerberos V with no success (linux clients all work fine)...

Yes, of course it is. Just use the Kerberos client for Windows:

http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2.html

However, all this gets you is bare-bones Kerberos authentication; you still need to log in to Windows first. So, you might consider combining that with the pGina client...

http://www.pgina.org/index.php/Main_Page

... and the Kerberos plugin for it:

http://pages.cs.wisc.edu/~timc/pgina/

But, even if you get all that to work, your users will still need local accounts on all the Windows workstations before they can log in; local accounts are not created for them automatically, nor are they stored on the network.

If you don't like that idea, it seems that currently your only other options are either to buy a license for a M$ Windows server, or wait for Samba4:

https://wiki.samba.org/index.php/Samba4

Cheers,

Jaap

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
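
The three ksetup steps from the reply at the top of this thread, as an added sketch that is not part of the original messages. The realm EXAMPLE.ORG, the hosts kdc.example.org and winclient.example.org, the user alice and the password are constructed placeholders.

```powershell
# Added example; every value below is a constructed placeholder.
# Run from an elevated prompt on the Windows workstation.
$Realm     = 'EXAMPLE.ORG'                  # MIT realm name (assumed)
$Kdc       = 'kdc.example.org'              # MIT KDC host (assumed)
$LocalUser = 'alice'                        # existing local SAM account (assumed)
$HostPw    = '<host-principal-password>'    # must match the KDC side exactly

# KDC side of step 2, run in kadmin on the MIT KDC, not on Windows:
#   addprinc -pw <host-principal-password> host/winclient.example.org@EXAMPLE.ORG
# The principal needs a key in an enctype this Windows version supports
# (see the enctype list in the reply).

# Step 1: tell Windows about the MIT realm and where its KDC is.
ksetup /setrealm $Realm
ksetup /addkdc $Realm $Kdc
ksetup /addkpasswd $Realm $Kdc

# Step 2: set the machine password to the host principal's password.
ksetup /setcomputerpassword $HostPw

# Step 3: map the MIT principal to the local SAM account.
# Windows does not create the local account; it has to exist already.
ksetup /mapuser "$LocalUser@$Realm" $LocalUser

# Print the resulting realm, KDC and mapping configuration for review.
ksetup
```

Restart the workstation afterwards; the realm and machine-password changes only take effect after a reboot.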
