(heimdal.info) Configuring Windows 2000 to use a Heimdal KDC

Info Catalog

(heimdal.info) Windows 2000 compatability

(heimdal.info) Windows 2000 compatability

(heimdal.info) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC

 
 Configuring Windows 2000 to use a Heimdal KDC
 =============================================
 
 You need the command line program called `ksetup.exe' which is available
 in the file `SUPPORT/TOOLS/SUPPORT.CAB' on the Windows 2000 Professional
 CD-ROM. This program is used to configure the Kerberos settings on a
 Workstation.
 
 `Ksetup' store the domain information under the registry key:
 `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains'.
 
 Use the kadmin program in Heimdal to create a host principal in the
 Kerberos realm.
 
      unix% kadmin
      kadmin> ank -pw password host/datan.my.domain
 
 You must configure the Workstation as a member of a workgroup, as
 opposed to a member in an NT domain, and specify the KDC server of the
 realm as follows:
      C:> ksetup /setdomain MY.REALM
      C:> ksetup /addkdc MY.REALM kdc.my.domain
 
 Set the machine password, i.e. create the local keytab:
      C:> ksetup /setmachpassword password
 
 The workstation must now be rebooted.
 
 A mapping between local NT users and Kerberos principals must be
 specified, you have two choices:
 
      C:> ksetup /mapuser user@MY.REALM nt_user
 
 This will map a user to a specific principal, this allows you to have
 other usernames in the realm than in your NT user database. (Don't ask
 me why on earth you would want that...)
 
 You can also say:
      C:> ksetup /mapuser * *
 The Windows machine will now map any user to the corresponding
 principal, for example `nisse' to the principal `nisse@MY.REALM'.
 (This is most likely what you want.)
 

Info Catalog

(heimdal.info) Windows 2000 compatability

(heimdal.info) Windows 2000 compatability

(heimdal.info) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC