Tuesday, December 20, 2011 17:11
I have the following problem.
At my company we have the TFS server located in a Windows domain and my Linux client located in a different Linux domain.
The security department decided that the Linux domain is allowed to trust Kerberos tickets from the Windows domain, but the Windows domain may not trust Kerberos tickets from the Linux domain; therefore the Kerberos authentication is no longer usable.
The only alternative authentication is to store passwords in plain text, but that is also not allowed by the security department. So, that leaves us with entering the password for every command. Automation scripts for automatic builds no longer work with this.
Does anyone have a good idea on how to get secure authentication set up without Kerberos?
- Edited by EZ-Cow Tuesday, December 20, 2011 17:12
All replies
Thursday, January 05, 2012 15:39 Owner
HTTP Negotiate with Kerberos or NTLM are the only supported secure authentication mechanisms in TEE. You might try requesting a ticket-granting ticket for your Windows domain principal direct from the Windows domain controllers, instead of from the Unix Kerberos server. You'll probably need to add the Windows domain and realm to your krb5.conf file, then specify the Windows domain principal when running "kinit" (or however you get your TGT).
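
A sketch of the krb5.conf change the reply above describes, added here as an illustration and not taken from the thread or from TEE documentation. The realm names, KDC host names and the `builduser` principal are placeholders (assumptions); substitute the values for your own Linux realm and Windows domain.

```ini
# /etc/krb5.conf (fragment) -- all names below are constructed placeholders

[libdefaults]
    # The Linux realm stays the default; the Windows realm is named
    # explicitly only when requesting the TGT for TFS access.
    default_realm = LINUX.EXAMPLE.COM

[realms]
    # Existing Unix Kerberos realm (unchanged).
    LINUX.EXAMPLE.COM = {
        kdc = kdc.linux.example.com
    }
    # Added: the Windows domain, with its domain controllers as KDCs.
    # The realm name is the Windows domain's DNS name in upper case.
    CORP.EXAMPLE.COM = {
        kdc = dc1.corp.example.com
        kdc = dc2.corp.example.com
    }

[domain_realm]
    # Added: hosts in the Windows DNS domain (including the TFS server)
    # belong to the Windows realm, so the service ticket for the TFS
    # host is requested from the domain controllers, not the Unix KDC.
    .corp.example.com = CORP.EXAMPLE.COM
    corp.example.com = CORP.EXAMPLE.COM

# Obtaining and checking the ticket-granting ticket from the shell:
#
#   kinit builduser@CORP.EXAMPLE.COM
#   klist
#
# klist should list a krbtgt/CORP.EXAMPLE.COM@CORP.EXAMPLE.COM entry.
# Because the TGT and the TFS service ticket both come from the Windows
# realm, this path does not depend on the Windows domain trusting
# tickets issued by the Linux realm.
```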