Pure Kerberos AD environment

Thread starter: Guest

Does anybody know exactly what it means to have a pure Kerberos Active
Directory environment? Sorry if this is text book, but Google isn't helping
me out here.

Thanks!!
 
milkman said:
Does anybody know exactly what it means to have a pure Kerberos Active
Directory environment? Sorry if this is text book, but Google isn't helping
me out here.

That is not commonly used as a technical term but one would
presume it would mean an AD Domain where all NTLM or
non-Kerberos authentication (for logons and resource access)
was disabled or otherwise avoided.

Legacy machines such as 9x and NT are dependent on the older
NTLM so at a minimum it would mean none of these machines
were participating in the domain or in resource sharing/access.
 
It may help if you provided the context from which you derived that
verbiage ...
 
Herb Martin said:

That is not commonly used as a technical term but one would
presume it would mean an AD Domain where all NTLM or
non-Kerberos authentication (for logons and resource access)
was disabled or otherwise avoided.

Legacy machines such as 9x and NT are dependent on the older
NTLM so at a minimum it would mean none of these machines
were participating in the domain or in resource sharing/access.


That's kind of what I was thinking, but I was given the impression that one
could "lock out" all non-Kerberos-based authentication mechanisms. If this
is true, can this be done in an AD domain? Maybe this has to do with the
functional level?

Thanks!!
 
I can try. We have an application that apparently works with NTLM only, so
when placed into this particular environment, it would not function properly.
Once we modified the app to work with either NTLM or Kerberos (using
standard Windows APIs), we were OK again. We would like to set up an
environment similar to the environment where this app originally failed, for
research purposes. However, I'm finding this to not be trivial.

Thanks for the reply. Does this help?

Dean Wells said:
It may help if you provided the context from which you derived that
verbiage ...

 
... I'm not aware of a central means of achieving that. That's not to
say there isn't one, but if there is I've not heard or read anything of
it. NTLM is used as a fallback _all_ _over_ Windows, disabling it would
likely have an array of undesirable side effects. Certain aspects of it
could be disabled but each would be dependent upon the scenario in which
NTLM was used.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
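Herb's first reply above reads "pure Kerberos" as a domain where NTLM is disabled or avoided, and Dean's reply warns that NTLM is a fallback all over Windows, so blanket disabling has side effects. The following is an added example, not code from the thread, of how a practitioner would approach that on a single host today: measure NTLM use first, then audit, then deny with an exception list. It assumes Windows 7 / Server 2008 R2 or later, where the "Network security: Restrict NTLM" security options exist (they postdate this thread), an elevated PowerShell session, and a Security log that covers the period you care about. The server name passed to the exception list is hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows 7 / Server 2008 R2 or later,
# an elevated session, and a Security log covering the period of interest.

# --- 1. Inventory: who still authenticates with NTLM on this host? -----------------
# Logon event 4624 records AuthenticationPackageName ("Kerberos" or "NTLM"); for NTLM,
# LmPackageName says whether it was LM, NTLM V1 or NTLM V2.
function Get-NtlmLogonSummary {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['AuthenticationPackageName'] -eq 'NTLM') {
            [pscustomobject]@{
                LmPackage = $data['LmPackageName']      # LM / NTLM V1 / NTLM V2
                LogonType = $data['LogonType']          # 3 = network, 2 = interactive, ...
                Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                Source    = $data['WorkstationName']
                Address   = $data['IpAddress']
            }
        }
    } | Group-Object LmPackage, Source, Account | Sort-Object Count -Descending |
        Select-Object Count, Name
}

# --- 2. Audit mode: same policies, logging instead of blocking -----------------------
# Registry values behind "Network security: Restrict NTLM: ..." in Security Options.
$msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
function Enable-NtlmAudit {
    Set-ItemProperty -Path $msv -Name AuditReceivingNTLMTraffic  -Type DWord -Value 2  # audit all incoming
    Set-ItemProperty -Path $msv -Name RestrictSendingNTLMTraffic -Type DWord -Value 1  # outgoing: audit, not deny
    wevtutil sl Microsoft-Windows-NTLM/Operational /e:true                              # make sure the log is on
}
# Afterwards every NTLM use is named in the NTLM operational log:
# 8001 = outgoing to a remote server, 8002 = incoming from a client.
function Get-NtlmAuditEvents {
    $filter = @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001, 8002 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# --- 3. Enforce only once the audit log is quiet, keeping an exception list -----------
function Enable-NtlmDeny {
    # $AllowedServers: hosts this machine may still use NTLM against,
    # e.g. 'legacy-nas.corp.example' (hypothetical name).
    param([string[]]$AllowedServers = @())
    Set-ItemProperty -Path $msv -Name RestrictReceivingNTLMTraffic -Type DWord -Value 2  # deny all incoming NTLM
    Set-ItemProperty -Path $msv -Name RestrictSendingNTLMTraffic   -Type DWord -Value 2  # deny all outgoing NTLM
    if ($AllowedServers) {
        Set-ItemProperty -Path $msv -Name ClientAllowedNTLMServers -Type MultiString -Value $AllowedServers
    }
}
```

Two caveats that answer the original question more directly. First, these are per-host settings; the domain-wide variant ("NTLM authentication in this domain") is applied on domain controllers under Netlogon\Parameters and is best set through Group Policy rather than by hand. Second, the older lever that did exist in the thread's era, LmCompatibilityLevel = 5 under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, only refuses LM and NTLMv1; it still accepts NTLMv2, so it cannot produce a Kerberos-only domain. To reproduce the failure the poster saw with an NTLM-only application, setting RestrictReceivingNTLMTraffic to deny on the server hosting that application is enough: the client's NTLM attempt is refused and the 8002 audit event (or, once denied, the logon failure) shows why.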
 
Dean Wells said:
... I'm not aware of a central means of achieving that. That's not to
say there isn't one, but if there is I've not heard or read anything of
it. NTLM is used as a fallback _all_ _over_ Windows, disabling it would
likely have an array of undesirable side effects. Certain aspects of it
could be disabled but each would be dependent upon the scenario in which
NTLM was used.

What Dean said plus this:

In your other response (to me) this thread you asked if this
was related to "functional level" - it is not; nor is it related
to domain mode -- such are almost strictly Domain Controller
issues (and AD capabilities) unrelated to clients.

You haven't said what you actually wish to ACCOMPLISH,
as opposed to the way you seem to intend to approach it
(i.e., Kerberos only).

If you tell us your REAL goal we might have better ideas.

For instance, you could enable SMB-Signing (Win2003 does
this anyway for DCs) or even SMB Encryption as a requirement
and this would either LOCK out old clients that have not been
properly updated OR it would secure much of their domain
based communications.

You might also implement IPSec for many purposes, thus
achieving another large category of secure communication.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
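Herb's suggestion above is to require SMB signing (or SMB encryption) so that clients which cannot do it are locked out while everyone else's domain traffic is protected. The following is an added example, not code from the thread, showing the weak and the corrected configuration side by side and a pre-flight check for sessions that would break. It assumes Windows 8 / Server 2012 or later for the Smb* cmdlets (SMB3 encryption only exists from SMB 3.0 onward, so it postdates this thread); the registry values are the same ones the 2003-era policy "Digitally sign communications (always)" writes.

```powershell
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later
# and an elevated session.

# Where signing is decided. "Enable" = offer it; "Require" = refuse unsigned sessions.
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-SmbSigningState {
    $s = Get-ItemProperty -Path $srv
    $w = Get-ItemProperty -Path $wks
    [pscustomobject]@{
        ServerRequires      = $s.RequireSecuritySignature   # 1 = unsigned sessions refused
        ServerEnables       = $s.EnableSecuritySignature
        WorkstationRequires = $w.RequireSecuritySignature
        WorkstationEnables  = $w.EnableSecuritySignature
    }
}

# Weak (the default on a member server): signing is offered but not required,
# so a client that does not sign gets an unsigned, relayable session.
#   Set-SmbServerConfiguration -RequireSecuritySignature $false -Force

# Corrected: require signing on both sides; optionally require SMB3 encryption,
# which refuses every client that cannot speak SMB 3.0 or later.
function Set-SmbHardening {
    param([switch]$Encrypt)
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    if ($Encrypt) {
        # RejectUnencryptedAccess is $true by default, so this is the "lock out old
        # clients" effect described in the thread rather than a silent downgrade.
        Set-SmbServerConfiguration -EncryptData $true -Force
    }
}

# Pre-flight: sessions on a dialect below 3.0 will not survive required encryption,
# and 9x/NT-era clients will not survive required signing either. Run this before
# Set-SmbHardening and fix or retire what it lists.
function Get-LegacySmbSessions {
    Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect |
        Where-Object { [version]$_.Dialect -lt [version]'3.0' }
}
```

Requiring signing is a per-host decision that does not depend on domain or forest functional level, which is the point Herb makes about functional level being a domain-controller matter. Apply the server side first on the host that holds the shares, watch for clients that stop connecting, and only then require it on the workstation side.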