Hi, perharps you can have a look on www.centrify.com which provide a interop SSO between Windows/Unix/linux based on Kerberos...
sylvain -- Sylvain Cortes MVP GPOs - http://www.gpomasters.com PROCHAINE REUNION DE LA COMMUNAUTEE ACTIVE DIRECTORY LE 29 JANVIER - INSCRIPTION SUR WWW.CADIM.ORG Rejoignez la communauté Active Directory et Identity Management !!! http://www.cadim.org "Eswar S" <[EMAIL PROTECTED]> a écrit dans le message de news:[EMAIL PROTECTED] >>> Hi, >>> >>> >>> Using Mit Kerberos how can I support SSO? > >>You can obtain your tickets during the windows logon process from your >>domain controller and then access them from KFW aware applications by >>setting the default ccache to MSLSA: or by permitting Network Identity >>Manager to synchronize the MSLSA: cache contents with an API: cache. >>> > > > >>> Is it possible to update Microsoft cache? How can I make other >>> kerberised >>> application to use cache file which is generated by my application. > >>On Vista the MSLSA: cache is read-write provided you do not use the >>binaries provided by MIT. >>KFW 3.2.2 was built incorrectly and the MIT distribution treats the >>Vista MSLSA: cache as read-only. > > I want to update/add my credentials to Microsoft (windows XP & VISTA > &win2k prof) cache. So Other then Vista I can't Update credentials to > "MSLSA:" > > How we can support SSO with Kerberos TGT. how all other products is > able to do this. > > They are maintaining their own clients for supporting SSO? > > > Here my problem is all client should use my cache data which is > generated by my application those should not use Microsoft login > cache (MSLAS :). > Or else > If it is possible I should able to update MSLSA: cache. > > Is there any other way to support SSO? > > >>> I mean when I got credentials (TGT) from KDC, I will store to cache >>> file. >>> I will set it as default cache. >>Ok. Then all KFW aware applications that do not specify a ccache will >>use those credentials. > > > > **************************************************************************** > *********** > This e-mail and attachments contain confidential information from HUAWEI, > which is intended only for the person or entity whose address is listed > above. Any use of the information contained herein in any way (including, > but not limited to, total or partial disclosure, reproduction, or > dissemination) by persons other than the intended recipient's) is > prohibited. If you receive this e-mail in error, please notify the sender > by > phone or email immediately and delete it! > > > > > > Message: 6 > Date: Fri, 25 Jan 2008 18:52:32 -0500 > From: Jeffrey Altman <[EMAIL PROTECTED]> > Subject: Re: support SSO in Windows with Keberos TGT > To: [EMAIL PROTECTED] > Cc: kerberos@mit.edu > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Eswar S wrote: >> Hi, >> >> >> Using Mit Kerberos how can I support SSO? > You can obtain your tickets during the windows logon process from your > domain controller and then access them from KFW aware applications by > setting the default ccache to MSLSA: or by permitting Network Identity > Manager to synchronize the MSLSA: cache contents with an API: cache. >> >> Is it possible to update Microsoft cache? How can I make other kerberised >> application to use cache file which is generated by my application. > On Vista the MSLSA: cache is read-write provided you do not use the > binaries provided by MIT. > KFW 3.2.2 was built incorrectly and the MIT distribution treats the > Vista MSLSA: cache as read-only. >> >> I mean when I got credentials (TGT) from KDC, I will store to cache file. > I >> will set it as default cache. > Ok. Then all KFW aware applications that do not specify a ccache will > use those credentials. >> >> My doubt is how all are supporting SSO using Kerberos tokens. >> >> How can I update Microsoft cache? Is it possible? >> >> Please help me in this regard. I will be waiting for your reply. >> >> Thanks and Regards, >> Eswar S >> >> > **************************************************************************** >> *********** >> This e-mail and attachments contain confidential information from HUAWEI, >> which is intended only for the person or entity whose address is listed >> above. Any use of the information contained herein in any way (including, >> but not limited to, total or partial disclosure, reproduction, or >> dissemination) by persons other than the intended recipient's) is >> prohibited. If you receive this e-mail in error, please notify the sender > by >> phone or email immediately and delete it! >> >> >> >> >> >> ________________________________________________ >> Kerberos mailing list Kerberos@mit.edu >> https://mailman.mit.edu/mailman/listinfo/kerberos > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: smime.p7s > Type: application/x-pkcs7-signature > Size: 3355 bytes > Desc: S/MIME Cryptographic Signature > Url : > http://mailman.mit.edu/pipermail/kerberos/attachments/20080125/c2c10e18/smim > e-0001.bin > > ------------------------------ > > Message: 7 > Date: Fri, 25 Jan 2008 21:09:20 -0500 > From: "Matt Smith" <[EMAIL PROTECTED]> > Subject: Re: [lib]kadm on Windows? > To: "Russ Allbery" <[EMAIL PROTECTED]> > Cc: kerberos@mit.edu > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=UTF-8 > > On Jan 25, 2008 6:28 PM, Russ Allbery <[EMAIL PROTECTED]> wrote: >> >> That's the bit that I was referring to where I hadn't had a chance to >> include the patch yet. I'm hoping to get it into the next release, >> although I don't yet have a plan for when that will be. >> > > I'll probably start digging into this in about a month. If it will help > any, I'll report back anything I find. Is there a preferred forum for > remctl discussion? > > Thank you, > -Matt > -- > [EMAIL PROTECTED] > Key ID:D6EEC5B5 > > > ------------------------------ > > _______________________________________________ > Kerberos mailing list > Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > > End of Kerberos Digest, Vol 61, Issue 35 > **************************************** > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
