[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using active directory keys



"Douglas E. Engert" <deengert@anl.gov> writes:

> But if the user principals are registered in a Hiemdal realm, with
> cross realm trust to the AD domain, AD can accept this. This does require
> an AD account for the user but no password for AD.

Sure.  The issue is AD accounts that aren't in the Heimdal realm
currently.  They can't participate in SSO to the rest of the world
without admin setting their passwords.  (Or am I being stupid?)

I think Luke's suggestion is what I want, once I find out how to load
the keys into Heimdal.  If there's no info around, I can write notes
if/when I get it going.