headers
Mantas Mikulėnas | 10 Oct 2011 15:35
Favicon
Gravatar

NetBSD wiki: /kerberos/web_browser/

This is a contribution for
<http://wiki.netbsd.org/kerberos/web_browser/>, section "Internet Explorer".

Parts of this are already present in
<http://www.netbsd.org/docs/network/#win2k>, although that section is
incomplete.

Windows is very Active Directory-oriented, but its Kerberos protocol is
[more-or-less] standard and can use non-AD services. It's not at all
"easy" or "convenient", however; installing MIT Kerberos and Firefox is
a better choice.

First, configuration. The 'ksetup' tool will be useful; for XP it can be
installed from Windows 2003 Support Tools (download). 'regedit' can be
used as a last resort. Also, 'klist' will be necessary; it comes with
Windows 2003 Resource Kit. More recent Windows versions appear to have
both tools preinstalled.

1. Add KDCs (*optional* -- SRV records are sufficient):

    ksetup /addkdc NETBSD.ORG kerberos.netbsd.org

2. Set realm flags (optional, but useful for TCP and other stuff):

    ksetup /addrealmflags NETBSD.ORG tcpsupported ncsupported delegate

  "tcpsupported" - self-explanatory.

  With "delegate", servers will always be trusted for delegation
  regardless of whether they have "ok-as-delegate" principal flag
(Continue reading)

Permalink | Reply |
headers
Amitai Schlair | 10 Oct 2011 19:18

Re: NetBSD wiki: /kerberos/web_browser/

On Mon, Oct 10, 2011 at 9:35 AM, Mantas Mikulėnas
<grawity <at> nullroute.eu.org> wrote:

> This is a contribution for
> <http://wiki.netbsd.org/kerberos/web_browser/>, section "Internet Explorer".

Thank you very much for the detailed contribution! If I'm reading it
right, your instructions are for the native Kerberos implementation,
and therefore should also affect the "Windows XP" section of
<URL:http://wiki.netbsd.org/kerberos/system/>?

We'll try out these steps and then get your documentation integrated
into the wiki.

- Amitai
Permalink | Reply |

Gmane