KDC built in or out of smbd
neil.hoggarth at physiol.ox.ac.uk
Wed Nov 30 11:31:30 GMT 2005
On Wed, 30 Nov 2005, Andrew Bartlett wrote:
> On Wed, 2005-11-30 at 09:09 +1100, Tim Potter wrote:
> > Last time this was discussed the option to hook in an external KDC,
> > if there is one available on the network, was raised. Is this still
> > the case?
> Yes and No... There is not currently any way to hook in an external
> KDC, but we have shown that should an external KDC happen to share the
> same database, simply disabling our KDC would suffice.
The O'Reilly book "Kerberos: The Definitive Guide" has a section on
Windows/Unix interoperability where it suggests that one can use a
non-MS KDC with a Windows Active Directory server, by establishing a
cross-realm trust relationship between the AD realm and the pre-existing
Is something like this likely to be possible with Samba 4?
I have previously entertained hopes of using Samba 4 as a "glue layer"
between an existing MIT-based University-wide Kerberos service (which is
not under my administrative control) and a Windows domain which I would
administer on my department's local LAN. I get less hopeful the more I
learn about AD, but any encouragement would be gratefully received!
Neil Hoggarth Departmental Computing Manager
<neil.hoggarth at physiol.ox.ac.uk> Laboratory of Physiology
http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK
More information about the samba-technical