DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

(heimdal.info.gz) Configuring Windows 2000 to use a Heimdal KDC

Info Catalog (heimdal.info.gz) Windows 2000 compatability (heimdal.info.gz) Windows 2000 compatability (heimdal.info.gz) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC 
 
 8.1 Configuring Windows 2000 to use a Heimdal KDC
 =================================================
 
 You need the command line program called `ksetup.exe' which is available
 in the file `SUPPORT/TOOLS/SUPPORT.CAB' on the Windows 2000 Professional
 CD-ROM. This program is used to configure the Kerberos settings on a
 Workstation.
 
 `Ksetup' store the domain information under the registry key:
 `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains'.
 
 Use the `kadmin' program in Heimdal to create a host principal in the
 Kerberos realm.
 
      unix% kadmin
      kadmin> ank --password=password host/datan.example.com
 
 The name `datan.example.com' should be replaced with DNS name of the
 workstation.
 
 You must configure the workstation as a member of a workgroup, as
 opposed to a member in an NT domain, and specify the KDC server of the
 realm as follows:
      C:> ksetup /setdomain EXAMPLE.COM
      C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
 
 Set the machine password, i.e. create the local keytab:
      C:> ksetup /SetComputerPassword password
 
 The password used in `ksetup /setmachpassword' must be the same as the
 password used in the `kadmin ank' command.
 
 The workstation must now be rebooted.
 
 A mapping between local NT users and Kerberos principals must be
 specified.  You have two choices. First:
 
      C:> ksetup /mapuser user@MY.REALM nt_user
 
 This will map a user to a specific principal; this allows you to have
 other usernames in the realm than in your NT user database. (Don't ask
 me why on earth you would want that....)
 
 You can also say:
      C:> ksetup /mapuser * *
 The Windows machine will now map any user to the corresponding
 principal, for example `nisse' to the principal `nisse@MY.REALM'.
 (This is most likely what you want.)
Info Catalog (heimdal.info.gz) Windows 2000 compatability (heimdal.info.gz) Windows 2000 compatability (heimdal.info.gz) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
automatically generated byinfo2html