Booker C. Bense
bbense at networking.stanford.edu
Thu Jun 6 14:45:39 EDT 2002
On 6 Jun 2002, francis wrote:
> MIT advice to make a bi-directional cross realm trust.
> But, i want to know if these follow scenarios are possible and
> what are the interoperabilities problems:
> win2k client --> MIT kdc --> win2k service
- Only if the w2k service doesn't use embedded authority
data in the kerberos ticket. I.e. only if you write the service
> win2k client --> MIT kdc --> linux service
- Should work.
> Linux client --> MIT kdc --> win2k service
- Same problem as the first scenario.
- The long and short of it, is that if you want to support W2k
services, you HAVE to run a W2k Active Directory server. You don't
have to keep user passwords in it, but you have to run it.
- Booker C. Bense
More information about the Kerberos