I opened this CR/RFE to trace current discussion upon a future enhancement in kclient utility to support MS AD interop project. The bottom line is, Sun needs to provide an easy-to-configure tool that would help users to configure a Solaris client for domain joining in a MS AD network, without a need to run any MS admin tools in Windows server side. This request was based on customers and marketing's demands. KISS secure needs kerberos team to support it by enhancing kclient and other tools, such as kpasswd, with the feature to set/change-*keys*-and-update-keytab (full support of rfc3244), along with some other minor features from DNS discovery which would lock the found ADS info into a config file, hence the NSS AD backend can get the AD server info from to contact.
The goal is, given kcleint can use the ldap client commands (via SASL/GSSAPI/Krb5) and kpasswd to implement domain joining, all the users need to run to complete the domain join for a Solaris client would be only one command - kclient.
xxxxx@xxxxx.com 2005-06-17 22:53:31 GMT
This is the CR that is the place-holder for PSARC/2007/401 kclient version 2.