
Re: using active directory keys





Dave Love wrote:

> Does anyone know if there's any possibility of extracting keys from an
> active directory and loading them into a Heimdal KDC (or even an MIT
> one)?  I couldn't find any relevant info from a web search.

No, never seen this.

> 
> The scenario is Windows pass-through login trusting Heimdal for SSO,
> and wanting to avoid resetting passwords on Windows accounts.


But if the user principals are registered in a Heimdal realm, with
cross-realm trust to the AD domain, AD can accept this. This does require
an AD account for the user but no password for AD.

See:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
Section: "Creating Account Mappings"


-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444