Windows Kerberos Tools
Up to now, this chapter has presented Kerberos largely from a Linux perspective. Kerberos, though, is a cross-platform tool, and you can use it to help integrate Linux and Windows systems. You can use Windows in any of the main Kerberos roles (KDC, application server, or client).
Windows Kerberos Implementations
Broadly speaking, three approaches to Kerberos are possible under Windows:
- Microsoft’s Kerberos implementation
Microsoft provides a Kerberos implementation as part of Windows 200x/XP (but not Windows XP Home). As described in Section 9.1.4, Microsoft’s Kerberos implementation deviates from others, which can make using it with a non-Microsoft KDC tricky. Section 9.5.3 presents some pointers for using Microsoft’s Kerberos clients with non-Microsoft KDCs.
- Conventional non-Microsoft Kerberos implementations
You can obtain non-Microsoft Kerberos implementations for Windows. For instance, a Windows binary version of MIT Kerberos (http://web.mit.edu/kerberos/) is available for all versions of Windows since Windows 98. (Windows 95 and earlier are not supported.) This tool can be configured and used much like Linux versions of Kerberos. The main difference is that configuration file locations differ. Most importantly, instead of editing /etc/krb5.conf, you edit C:\WINDOWS\krb5.ini. (This file may reside in another directory if you installed Windows to a directory other than C:\WINDOWS.) This package also includes a GUI tool called Leash, which manages ...