On Sun, Mar 19, 2006 at 02:27:39PM -0800, Adam D. Morley wrote: > MS AD provides MIT-ish KDC support, or so I hear. I've never used it > from the UNIX side, but I do know that Windows clients will willingly > talk to a UNIX KDC, and I'm told the reverse is true.
Yes, you can authenticate against Active Directory using Kerberos. There are some minor caveats (mostly regarding encryption algorithms), but as far as the Unix-clients are concerned it's just Kerberos. I've got some AIX boxes authenticating against Active Directory, even password changing from the AIX side works. To get back to OpenBSD: this means that you can authenticate to Active Directory using Kerberos. Services for Unix aren't necessarily needed. -- Jurjen Oskam
