Re: Single signon with kerberos option/directions
From: Eric Chamberlain (eric_james_chamberlain_at_hotmail.com)
Date: 02/07/04
- In reply to: Rob McShinsky: "Single signon with kerberos option/directions"
Date: Sat, 7 Feb 2004 11:16:04 -0800
Rob,
We have a successful external Kerberos realm implementation; most of the
implementation is documented on our website, http://calnetad.berkeley.edu
"Rob McShinsky" <Rob@McShinsky.com> wrote in message
news:uUbr$ED7DHA.3648@TK2MSFTNGP11.phx.gbl...
> I was wondering if anyone knows or has any contacts to anyone that may have
> integrated a secondary Kerberos realm into their Active Directory Domain.
> Here at Dartmouth Hitchcock Medical Center I am heading the option of Single
> sign-on with many of our major applications. The factors I am faced with,
> are below:
>
> A. 2 Large Accounts Directories. - Active Directory and a homegrown User
> Directory based on Oracle.
> B. 1 MIT v4 KDC (Controls Kerberos Authentication to our Clinical
> Information System and Mail Client). Could be upgraded to v5.
> C. Microsoft KDC (Controls Authentication to our Windows Domain services.)
>
> The Current working Definition of what we want to happen is below:
> ...We need to be able to have either a shared external KDC that our Windows
> Domain 2000/XP, other down-level clients, and other non-Microsoft operating
> system or non-domain clients can use seamlessly.
>
> OR
>
> ...We need to have 2 KDC's. One for our Windows Domain 2000/XP clients and
> one for other down-level clients, and other non-Microsoft operating system
> or non-domain clients. The two tickets need to be an either or option. We
> realize if this were the path, NT clients on the domain may have two logons.
> We would prefer the first option, but facts are a little fuzzy right now,
> hence why I am contacting you to see if you have any knowledge or any
> contacts at Microsoft, or know of any clients that have done similar
> approaches. We would like this to be a Server Centric design and not client
> centric like many of the products out there now.
>
> We have much more detail on this, but instead of giving you the full project
> plan in an email, maybe this can get the ball rolling.
> Thanks for any help or direction to someone that may be able to help.
>
> Robert B. McShinsky Jr.
> Dartmouth Hitchcock Medical Center
> 1 Medical Center Drive
> Lebanon, NH 03756
> Windows Server Administration
> 603.650.5543