Re: Kerberos & Integration between Linux and Win2K

[Assar Westerlund <assar@sics.se>]

Mehrdad Rowshanbin <mehrdad.rowshanbin@cmg.nl> writes:
> On the next phase, the user should get a service ticket voor the
> printer or files which is on the Win2000 machine. I know the the
> second phase is not easy because of SID number which is places
> inside the authority field of the ticket.

This might not be easy.  But on the other hand, it's to the best of my
knowledge unknown what happens when you send a request to a w2k
application server without the SID:s (and other stuff) in the ticket.
It could, in theory at least, fetch that information from the active
directory.  It might also refuse to accept the request.  Experiments
are required here.

> Now my question is whether it is possible to authenticate a Linux
> user with the Win2000 machine or not.

Yes.

> and if the answer is yes, then which configuration should I use.

You should be able to get it work with lines similar to the following
in your /etc/krb5.conf:

[realms]
        REALM = {
                kdc = host:88
        }

Where `REALM' is the name of your w2k domain and `host' is the name of
your domain controller.

> By the way, is there another kerberos package voor Linux in Europe
> except heimdal.( I use heimdal 0.2q-1 voor redhat 6.1 on intel pro.)

Not to my knowledge.

/assar