(Optional) Enable a Windows Host to Communicate to a UNIX KDC

Your environment may have a Windows workstation that is not part of a Windows domain. The workstation must be able to communicate with the UNIX KDC. Use the Windows ksetup command-line tool to configure this setup.
Follow these steps:
  1. In the Kerberos realm, create a host principal for the Windows host. Use the following kadmin command:
    addprinc host/machine-name.dns-domain_name
    For example, if the Windows workstation name is w2kw and the Kerberos realm is EXAMPLE.COM, the principal name is host/w2kw.example.com.
  2. Configure the Windows host as a member of a workgroup because it is not in a Windows domain:
    1. Remove the host from the Windows domain.
    2. Add the test user, for example, testkrb, to the local user database.
    3. Add the Kerberos realm by entering:
      ksetup /SetRealm EXAMPLE.COM
    4. Restart the Windows host.
  3. Add the KDC by entering:
     ksetup /addkdc EXAMPLE.COM rhasmit
  4. Set a new password by entering:
    ksetup /setmachpassword password
    This password is the same as the one used when creating the host principal account in the MIT KDC.
  5. Restart the host.
  6. Set the Realm Flag by entering:
    ksetup /SetRealmFlags EXAMPLE.COM delegate
  7. Run the AddKpasswd command by entering:
    ksetup /AddKpasswd EXAMPLE.COM rhasmit
  8. Use ksetup to configure single sign-on to local workstation accounts by defining the account mappings between Windows host accounts and Kerberos principals. For example:
    ksetup /mapuser [email protected] testkrb
    ksetup /mapuser * *
    The second command maps clients to local accounts of the same name. Use the ksetup command with no arguments to see the current settings.
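
The following PowerShell check is an added example, not part of the original procedure or any vendor tooling. It compares the settings that ksetup reports with the values used in the steps above and notes a wildcard mapping so it can be reviewed. The function name Test-KsetupState is hypothetical, and the sample output is constructed: its line layout is an assumption about what ksetup prints with no arguments.

```powershell
# Constructed sample of `ksetup` output (layout is an assumption; adjust the
# patterns below if your Windows build prints the settings differently).
$sample = @'
default realm = EXAMPLE.COM (external)
EXAMPLE.COM:
        kdc = rhasmit
        kpasswd = rhasmit
        Realm Flags = 0x4 Delegate
Mapping all users (*) to a local account by the same name (*).
'@ -split "`r?`n"

# Hypothetical helper: returns one string per deviation from the expected setup.
function Test-KsetupState {
    param([string[]]$Lines, [string]$Realm, [string]$Kdc, [string]$Kpasswd)
    $default = $null; $section = $null; $mappings = @()
    $seen = @{ kdc = @(); kpasswd = @(); flags = '' }
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            '^\s*default realm\s*=\s*(\S+)' { $default = $Matches[1]; break }
            '^(\S+):\s*$'                   { $section = $Matches[1]; break }
            '^\s*Mapping\s'                 { $mappings += $line.Trim(); break }
            '^\s*(kdc|kpasswd)\s*=\s*(\S+)' {
                # Only record servers listed under the realm being audited.
                if ($section -eq $Realm) { $seen[$Matches[1]] += $Matches[2] }; break }
            '^\s*Realm Flags\s*=\s*(.*)$'   {
                if ($section -eq $Realm) { $seen.flags = $Matches[1] }; break }
        }
    }
    $findings = @()
    if ($default -ne $Realm) { $findings += "default realm is '$default', expected $Realm (/SetRealm)" }
    if ($seen.kdc -notcontains $Kdc) { $findings += "KDC $Kdc not listed for $Realm (/addkdc)" }
    if ($seen.kpasswd -notcontains $Kpasswd) { $findings += "kpasswd server $Kpasswd not listed (/AddKpasswd)" }
    if ($seen.flags -notmatch '\bDelegate\b') { $findings += "Delegate flag not set (/SetRealmFlags)" }
    if ($mappings.Count -eq 0) { $findings += "no account mappings defined (/mapuser)" }
    # The * * mapping ties every principal in the realm to the same-named
    # local account, so report it for review rather than as a failure.
    foreach ($m in ($mappings -match '\*')) { $findings += "review wildcard mapping: $m" }
    return $findings
}

# Offline run against the constructed sample. On a configured host, pass the
# live output instead: Test-KsetupState -Lines (ksetup) -Realm ... -Kdc ...
$result = Test-KsetupState -Lines $sample -Realm 'EXAMPLE.COM' -Kdc 'rhasmit' -Kpasswd 'rhasmit'
if ($result) { $result } else { 'ksetup state matches the expected configuration' }
```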