KDC built in or out of smbd
Neil Hoggarth
neil.hoggarth at physiol.ox.ac.uk
Wed Nov 30 11:31:30 GMT 2005
On Wed, 30 Nov 2005, Andrew Bartlett wrote:
> On Wed, 2005-11-30 at 09:09 +1100, Tim Potter wrote:
>
> > Last time this was discussed the option to hook in an external KDC,
> > if there is one available on the network, was raised. Is this still
> > the case?
>
> Yes and No... There is not currently any way to hook in an external
> KDC, but we have shown that should an external KDC happen to share the
> same database, simply disabling our KDC would suffice.

The O'Reilly book "Kerberos: The Definitive Guide" has a section on
Windows/Unix interoperability where it suggests that one can use a
non-MS KDC with a Windows Active Directory server, by establishing a
cross-realm trust relationship between the AD realm and the pre-existing
realm.

Is something like this likely to be possible with Samba 4?

I have previously entertained hopes of using Samba 4 as a "glue layer"
between an existing MIT-based University-wide Kerberos service (which is
not under my administrative control) and a Windows domain which I would
administer on my department's local LAN. I get less hopeful the more I
learn about AD, but any encouragement would be gratefully received!

Regards,
--
Neil Hoggarth Departmental Computing Manager
<neil.hoggarth at physiol.ox.ac.uk> Laboratory of Physiology
http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK
More information about the samba-technical mailing list