Re: active directory - kerberos realms
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/15/04
- Next message: barabba: "Re: active directory - kerberos realms"
- Previous message: Joe Richards [MVP]: "Re: Where is the Global Cache tool for Srv 2003?"
- In reply to: barabba: "active directory - kerberos realms"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 15 May 2004 08:17:40 -0400
You can use an MIT or Heimdahl implementation instead of AD kerberos but not on
the domain controller, you would set up a different realm entirely. You would
lose many of the Microsoft benefits such as the built in authorization, group
policies, integrated LDAP directory, etc.
You can also set up an MIT/Heimdahl realm and have the AD domains trust it and
have clients authenticate to that. It is considerable work.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net barabba wrote: > Hi all, > > we all know that Active Directory uses Kerberos for a number of > things. > We also all know that all Domain Controllers run Kerberos by default. > > However, I read in a MS book that it is possible to use third pary > Kerberos service instead of the native Kerberos supplied by DCs. > Is this true ? > Does anybody have any more details about this ? > > Thanks, > Bar
- Next message: barabba: "Re: active directory - kerberos realms"
- Previous message: Joe Richards [MVP]: "Re: Where is the Global Cache tool for Srv 2003?"
- In reply to: barabba: "active directory - kerberos realms"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
