Re: Hardening NIS+

From: Darren Moffat (Darren.Moffat@Sun.COM)
Date: 08/22/02


Date: Wed, 21 Aug 2002 17:17:53 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@Sun.COM>
To: focus-sun@securityfocus.com, reggers@ist.uwaterloo.ca


>> IMHO, the best combination for ease of administration and security is to
>> use Kerberos with NIS+.
>
>I am curious .... Has anyone configured a Solaris machine to use Kerberos
>authentication against a Microsoft Active Directory?
>
>If I'm so lucky to find someone who has done so... what's required?

Yes this works fine. Just tell the Solaris machine the name/IP of
the Active Directory machine when you are prompted for the name of
the KDC during sysidcfg. If you are doing it post install then update
/etc/krb5/krb5.conf.

This just works. The opposite doesn't work well: ie using a Solaris
(or any MIT derived) KDC to server Windows 2k clients.

--
Darren J Moffat



Relevant Pages