2001 FREENIX Track Technical Program - Abstract
Heimdal and Windows 2000 Kerberos: How to Get Them to Play Together
Assar Westerlund, Swedish Institute of Computer Science, and Johan Danielsson, Center for Parallel Computers, KTH
Abstract
As a practical means of achieving better security and single sign-on,
the Kerberos network authentication system has been in wide use in the
Unix world for many years.
Microsoft has included its own implementation in Windows 2000,
replacing the NTLM authentication system from older Windows NT
versions. This facilitates sharing account information between Unix
and Windows machines, as there is no need to keep different passwords.
Although Microsoft's Kerberos implementation mostly follows the
specification, there are a number of deviations and extensions, not
all of which are well documented. Consequently, it is not always
obvious how to fit Windows 2000 clients and servers into an existing
Kerberos environment. In this paper we discuss the differences between
the two systems and describe how we got our Kerberos implementation,
Heimdal, to work with Windows 2000.