[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using active directory keys

To: "Douglas E. Engert" <deengert@anl.gov>
Subject: Re: using active directory keys
From: Dave Love <d.love@dl.ac.uk>
Date: Wed, 05 Jan 2005 17:37:17 +0000
Cc: heimdal-discuss@sics.se
In-Reply-To: <41DC151B.1080706@anl.gov> (Douglas E. Engert's message of"Wed, 05 Jan 2005 10:26:03 -0600")
References: <rzqbrc4dtvr.fsf@loveshack> <41DC151B.1080706@anl.gov>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/21.2 (gnu/linux)

"Douglas E. Engert" <deengert@anl.gov> writes:

> But if the user principals are registered in a Hiemdal realm, with
> cross realm trust to the AD domain, AD can accept this. This does require
> an AD account for the user but no password for AD.

Sure.  The issue is AD accounts that aren't in the Heimdal realm
currently.  They can't participate in SSO to the rest of the world
without admin setting their passwords.  (Or am I being stupid?)

I think Luke's suggestion is what I want, once I find out how to load
the keys into Heimdal.  If there's no info around, I can write notes
if/when I get it going.

Follow-Ups:
- Re: using active directory keys
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: using active directory keys
  - From: Love <lha@stacken.kth.se>

References:
- using active directory keys
  - From: Dave Love <d.love@dl.ac.uk>
- Re: using active directory keys
  - From: "Douglas E. Engert" <deengert@anl.gov>

Prev by Date: Re: using active directory keys
Next by Date: Re: using active directory keys
Prev by thread: Re: using active directory keys
Next by thread: Re: using active directory keys
Index(es):
- Date
- Thread