(heimdal.info) Configuring Windows 2000 to use a Heimdal KDC
Info Catalog
(heimdal.info) Windows 2000 compatability
(heimdal.info) Windows 2000 compatability
(heimdal.info) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
Configuring Windows 2000 to use a Heimdal KDC
=============================================
You need the command line program called `ksetup.exe' which is available
in the file `SUPPORT/TOOLS/SUPPORT.CAB' on the Windows 2000 Professional
CD-ROM. This program is used to configure the Kerberos settings on a
Workstation.
`Ksetup' store the domain information under the registry key:
`HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains'.
Use the kadmin program in Heimdal to create a host principal in the
Kerberos realm.
unix% kadmin
kadmin> ank -pw password host/datan.my.domain
You must configure the Workstation as a member of a workgroup, as
opposed to a member in an NT domain, and specify the KDC server of the
realm as follows:
C:> ksetup /setdomain MY.REALM
C:> ksetup /addkdc MY.REALM kdc.my.domain
Set the machine password, i.e. create the local keytab:
C:> ksetup /setmachpassword password
The workstation must now be rebooted.
A mapping between local NT users and Kerberos principals must be
specified, you have two choices:
C:> ksetup /mapuser user@MY.REALM nt_user
This will map a user to a specific principal, this allows you to have
other usernames in the realm than in your NT user database. (Don't ask
me why on earth you would want that...)
You can also say:
C:> ksetup /mapuser * *
The Windows machine will now map any user to the corresponding
principal, for example `nisse' to the principal `nisse@MY.REALM'.
(This is most likely what you want.)
Info Catalog
(heimdal.info) Windows 2000 compatability
(heimdal.info) Windows 2000 compatability
(heimdal.info) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
automatically generated byinfo2html