Kerberos in modern-day enterprise/corporate network, howto ? - Kerberos

This is a discussion on Kerberos in modern-day enterprise/corporate network, howto ? - Kerberos ; Dear people, There is a couple of recipes on the Internet on how to set up Kerberos, LDAP and DNS to get an authentication realm with single sign-on. In part, there are nice (although little obsolete) recipes from Jason Haiss ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Kerberos in modern-day enterprise/corporate network, howto ?

  1. Kerberos in modern-day enterprise/corporate network, howto ?

    Dear people,

    There is a couple of recipes on the Internet on how to set up Kerberos,
    LDAP and DNS to get an authentication realm with single sign-on.
    In part, there are nice (although little obsolete) recipes from
    Jason Haiss and Turbo Fredriksson, as well as Travis Crawford article
    in SAMAG, and some others.

    Currently, some IT-people around me have an idea
    to (mostly) replace Windows (2000) domain with Kerberos realm.
    However there are some problems on their way, like:

    1. In Windows, you could log on with cached credentials in case
    the DC is unreachable. Then, when a DC becomes reachable,
    your Windows may lock your session and force you to revalidate
    your password (in case it had been changed on DC from another
    session). How would you recommend to reimplement similar
    functionality with available open-source/free software ?

    2. What mail server (authenticated smtp&imap) and what mail client
    (Novell's Evolution?) to choose to make use of KRB single sign-on ?

    3. What is better to use as a GUI browser/mounter for
    network/SMB shares (with the same single sign-on, of course) ?

    In fact, simple end users of information technologies
    do not want big disruptions after the migration.
    They would like to keep familiar feeling
    of being logged in to a domain.

    Hoping to get some advises from the competent people in the newsgroup
    on the topics above. May be they would become useful augments
    to the existing howtos.

    Thank you in advance for your replies.

  2. Re: Kerberos in modern-day enterprise/corporate network, howto ?

    Wladimir Mutel wrote:
    > Dear people,


    Sorry for causing you to ignore me by such inconvenient questions.
    Could you please at least send me elsewhere with asking them ? :>

    > Thank you in advance for your replies.


+ Reply to Thread