[23771] in Kerberos

home help back first fref pref prev next nref lref last post

AD Cross Realm Trust Integration

daemon@ATHENA.MIT.EDU (John Harris)
Tue Apr 26 12:23:41 2005

Date: Mon, 25 Apr 2005 11:09:40 -0700 (PDT)
From: John Harris <harris@ucdavis.edu>
To: kerberos@mit.edu
Message-ID: <Pine.GSO.4.58.0504251105380.8511@tsurnami.ucdavis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: kerberos-bounces@mit.edu

Greetings,

We're currently looking at increasing the session and ticket encryption
types for our Unix-based Kerberos clients (command-line and GSSAPI-based
client/web clients) up to AES.

One of our issues is to continue to support the cross-realm authentication
with Windows KDCs on campus.  As far as I know, Microsoft's KDC's support
DES and RC4 and that's it.

So I'm curious as to how others are handling this particular situation:

1) Manually keeping Microsoft-dependent tickets encrypted at only DES

2) Having multiple encryption types per service ticket

3) Running separate Unix and Microsoft KDCs

4) ???

Any advice or experience would be appreciated

John Harris
Campus Data Center Administrator
University of California, Davis
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post