>> Right, but you got me interested in whether an actual open source
>> solution to native Windows MS-Kerberos account management exists when
>> you say that Samba 3.0 could be an ADS DC.
>
> To a point. You do _not_ have to have any MS ADS DC on your network to
> do a lot, trust me. The problem is that most people assume the only
> way. It's quite the opposite -- it's putting MS in charge, and that's
> something you want to avoid or segment.

I just want Kerberos. I am not interested in the LDAP part of ADS.

>> and native MS account management on Unix?
>
> By "native" -- what do you mean?

Centralized Kerberos account management that Windows 2000/XP clients will accept in domain mode.

> You mean 100% MS schema in their LDAP?

Forget LDAP.

> Again, that's going to be a while.

Yes, I know the OpenLDAP guys have not shown much interest in adding MS-LDAP RPC stuff.

> Now the Samba team has their own, both CLI (net) and additional projects
> are out there. But that's still looking at it "narrow-mindedly."

Eh?

> Consider, for a moment, an entire Windows enterprise that relies on an
> open-backend, like NsDS, Sun One, etc...? Heck, even Novell eDirectory.
> Novell has a lot of management tools for Windows, some work pretty damn
> good too (like Xen).

That requires a different GINA, right?

> But even that aside, you can do quite a bit with NsDS (or OpenLDAP),
> Samba 3.0's added schema and RPC functions, and SASL/Kerberos for the
> password store. But if you expect it to support all the nuances and
> all the little schema that are in all sorts of MS services (like MS SQL,
> Exchange, etc...), that's going to be a _long_time_.
>
> But don't think you have to have a native MS ADS DC to manage Windows
> clients -- not at all!

Right, so what open source option(s) do we have for single-logon Kerberos? (Please assume apps are also Kerberized.)