>>How do you get centralized user account management without >>MS Kerberos? >> >> > >Again, MS Kerberos are just extensions to Kerberos, ones supported in new, open source Kerberos 5 servers. > > Ok. Which ones? heimdal? MIT? >If they hadn't, then Samba 3.0 would not be able to act as either a member server in a MS ADS network, >or emultate a MS Kerberos KDC without one. >This has *0* to do with Samba. > > Yeah, I know. But you say Samba could emulate a MS Kerberos and I don't remember see anything about open source Kerberos V implementations such as heimdal or MIT supporting MS Kerberos extensions. So that makes me wonder whether you are trying to say the Samba team is doing their own LDAP and KDC. >There are thousands upon thousands of enterprises running with Novell eDirectory, NsDS, Sun One, etc.. using their own management suite for Windows clients. > > and by installing their own GINA? >In many cases, a few are vastly more experienced, featured and superior IMHO. > >I think what you're looking for is an experience where all the interfaces and schema are emulated to you can run any Microsoft management tools, > > No. I don't care too much about Microsoft management tools so long as there is one under Unix. >tools written explicitly for undocumented MS schema and interfaces. >You're looking at the problem from an impossible solution standpoint. > >That's the problem. > > Could be. That's why I am trying to understand just what part of MS Kerberos can be found in open source Kerberos servers as you say.