Microsoft Windows

pGina[3.5] works through GINA[3.6], and in that way allows Windows clients to log in against LDAP directory servers. This is not needed if the directory server uses Active Directory. pGina works with plugins. The LDAP plugin is called LDAPAuth[3.7] and supports, among other things, SSL and LDAPv3. The required configuration is done through a GUI.

Using an MIT KDC with a Standalone Windows 2000 Workstation

For the Windows 2000 workstation to use a Kerberos KDC, you must configure 
both the Kerberos KDC server and the workstation as described next.
To configure the Kerberos KDC server and the Windows 2000 workstation

        1. Run the Ksetup utility to configure the Kerberos KDC server and 
           realm (for details, see the Ksetup section later in this document).

          * In the Kerberos realm, create a host principal for the computer. 
            Use the command:

            Kadmin -q "ank -pw password host/machine-name.dns-domain_name"

            For example, if the Windows 2000 workstation name is W2KW and 
            the Kerberos realm name is REALM.RESKIT.COM, the principal name is 
            host/w2kw.realm.reskit.com.

            Kadmin is a utility that is part of the MIT Kerberos distribution.
          * Since a Kerberos realm is not a Windows 2000 domain, the computer 
            must be configured as a member of a workgroup. This is automatic 
            when you set the Kerberos realm and add a KDC server as follows:

            C:> Ksetup /setdomain REALM.RESKIT.COM
            C:> Ksetup /addkdc REALM.RESKIT.COM kdc.realm.reskit.com

          * Set the local machine account password, as follows:

            C:> Ksetup /setmachpassword password

        2. Restart your computer for the changes to take effect. 
           (This is a required step.) Whenever changes are made to the 
           external KDC and realm configuration, a restart is required.
   
        3. Use Ksetup to configure single sign on to local workstation 
           accounts. Define the account mappings; this will map local 
           machine accounts to Kerberos principals. For example:

            C:> Ksetup /mapuser auser@REALM.RESKIT.COM guest
            C:> Ksetup /mapuser * *

           Note that the second command maps clients to local accounts of the 
           same name.

        4. Use Ksetup with no arguments to see the current settings. (Note 
           that the KDC server[s] is not shown.)
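
An added example, not from the original document: a Python check that builds the host principal name from step 1 and reviews Ksetup /mapuser lines from step 3 before they are run. The function names, the OTHER.EXAMPLE realm and the sample lines are constructed for illustration; it assumes the DNS domain is the lower-cased realm name, as in the example above.

```python
# Added example: review planned "Ksetup /mapuser" lines before applying them.
# SAMPLE is constructed; only the first and last lines appear in the document.
REALM = "REALM.RESKIT.COM"
SAMPLE = [
    "C:> Ksetup /mapuser auser@REALM.RESKIT.COM guest",
    "C:> Ksetup /mapuser buser@OTHER.EXAMPLE guest",  # constructed: foreign realm
    "C:> Ksetup /mapuser * *",
]

def host_principal(machine, dns_domain):
    """Build host/machine-name.dns-domain_name, lower-cased as in the example."""
    return "host/%s.%s" % (machine.lower(), dns_domain.lower())

def parse_mapuser(line):
    """Return (principal, local_account) from one 'Ksetup /mapuser' line."""
    tokens = line.split()
    lowered = [t.lower() for t in tokens]
    if "/mapuser" not in lowered:
        raise ValueError("not a /mapuser command: %r" % line)
    args = tokens[lowered.index("/mapuser") + 1:]
    if len(args) != 2:
        raise ValueError("expected <principal> <account>: %r" % line)
    return args[0], args[1]

def review(lines, realm):
    """Return (principal, account, note) for each mapping worth a second look."""
    findings, seen = [], {}
    for line in lines:
        principal, account = parse_mapuser(line)
        if principal == "*":
            target = "the local account of the same name" if account == "*" else account
            findings.append((principal, account, "wildcard: any principal maps to " + target))
            continue
        if principal.partition("@")[2] != realm:
            findings.append((principal, account, "principal is outside realm " + realm))
        if principal in seen and seen[principal] != account:
            findings.append((principal, account,
                             "conflicts with earlier mapping to " + seen[principal]))
        seen[principal] = account
    return findings

if __name__ == "__main__":
    print(host_principal("W2KW", REALM))
    for finding in review(SAMPLE, REALM):
        print(finding)
```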


Daniel van Eeden 2004-11-02