[19630] in Kerberos


Re: Windows 2000 Server as KDC

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Jul 22 10:53:55 2003

Message-Id: <200307221452.h6MEqEsG028607@ginger.cmf.nrl.navy.mil>
To: John Rudd <jrudd@ucsc.edu>
In-Reply-To: Message from John Rudd <jrudd@ucsc.edu> 
   of "Mon, 21 Jul 2003 17:06:35 PDT." <3F1C800B.489E35C5@ucsc.edu> 
Date: Tue, 22 Jul 2003 10:52:15 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

>> an easier solution would be to set up a windows realm for Win2k KDC and a
>> cross-realm trust with a linux box in a different realm.
>> 
>
>We were doing this (with Solaris, not Linux), but when the bug and fix
>for the cross-realm security hole came out a few months ago, that caused
>it all to break (we need krb4 cross-realm auth because AFS is in the
>picture).  So, we're basically running an older un-patched krb524d in
>order to keep things working ... but that doesn't make me comfortable in
>the long run, so I'm looking for other solutions.

So why haven't you switched to a V5 solution for AFS?  Lots of people
have done this, and it works just fine, even with cross-realm.  This
is assuming you're running a new enough version of OpenAFS, of course.

--Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
