No VM C/C++ compiler here :( so it's off to Heimdal for me. I forgot to mention that part of the problem is my complete and utter ignorance of Kerberos.
-----Original Message----- From: VM/ESA and z/VM Discussions [mailto:[EMAIL PROTECTED] On Behalf Of David Boyes Sent: January 17, 2006 10:47 To: [email protected] Subject: Re: Active Directory and Kerberos > My problem lies in connecting VM Kerberos to Windows Active > Directory. I think all I have to do is change KRB CONF to the > appropriate values and it should work. It appears that when > Microsoft adapted Kerberos for use in Active Directory, that > they renamed EVERYTHING, so that the VM Kerberos instructions > mean nothing to our Windows guys. VM's Kerberos support is based on Kerberos version 4 (and a REALLY ancient version of K4 at that). AD is based on Kerberos version 5. K4 is not upward compatible with K5. You'll need a system supporting k42k5d (such as a Linux guest running Heimdal or a similar widget) to provide K4->K5 translation support. If you google for setting up Heimdal for use with OpenAFS, you'll find a cookbook to configuring k42k5d (older versions of OpenAFS required K4 support; recent versions are K5-clean) to supply translation services. Once that's done, then you can update KRB CONF as documented in the VM TCPIP planning guide to point to the guest running Heimdal, and you should be able to acquire tickets. It is possible (if extraordinarily tedious) to build MIT Kerberos 5 sources on CMS if you have the VM C/C++ compiler installed, but the process is very long and involved. If you're really interested, contact me offline and we can discuss it further. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, this information by persons or entities other than the intended recipient or delegate is strictly prohibited. If you received this in error, please contact the sender and delete the material from any computer. The integrity and security of this message cannot by guaranteed on the Internet. The Sender accepts no liability for the content of this e-mail, or for the consequences of any actions taken on basis of the information provided. The recipient should check this e-mail and any attachments for the presence of viruses. The sender accepts no liability for any damage caused by any virus transmitted by this e-mail. This disclaimer is the property of the TTC and must not be altered or circumvented in any manner.
