Randolph Morgan <ran...@chem.byu.edu> writes:

> We are running a mixed environment network. However, all of our
> authentication is performed via LDAP, we do not have an AD on our
> network, nor do we have any Windows servers, all of our servers are
> running RHEL. We are working on implementing a new authentication
> server that is running FreeIPA, but would like to do single sign-on via
> Kerberos. I have been reading posts for the better part of two weeks
> and can not find instructions that work, on how to get Windows (XP - 10)
> to authenticate via Kerberos.

There used to be various workarounds that would let you do this, but when we asked Microsoft about it, they said it was officially unsupported and very likely to break. I think subsequent releases of Windows may have broken it. I believe the only supported way to get a Windows system to use Kerberos for its integrated login is to join the host to a domain (whether AD or Samba).

You can, of course, run Kerberos software on unjoined Windows hosts, get tickets, and authenticate to Kerberos services without any trouble. The problems arise when you want the core OS stuff to use Kerberos directly, since I believe all of that is effectively gated on being domain-joined.

--
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos