[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using active directory keys

Dave Love wrote:

> Does anyone know if there's any possibility of extracting keys from an
> active directory and loading them into a Heimdal KDC (or even an MIT
> one)?  I couldn't find any relevant info from a web search.

No, never see this.

> The scenario is Windows pass-through login trusting Heimdal for SSO,
> and wanting to avoid resetting passwords on Windows accounts.

But if the user principals are registered in a Hiemdal realm, with
cross realm trust to the AD domain, AD can accept this. This does require
an AD account for the user but no password for AD.

Section: "Creating Account Mappings"



  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444