interoperability Win2k/Linux

Booker C. Bense bbense at
Thu Jun 6 14:45:39 EDT 2002

On 6 Jun 2002, francis wrote:

> Hi,
> MIT advice to make a bi-directional cross realm trust.
> But, i want to know if these follow scenarios are possible and
> what are the interoperabilities problems:
> win2k client --> MIT kdc --> win2k service

- Only if the w2k service doesn't use embedded authority
data in the kerberos ticket. I.e. only if you write the service

> win2k client --> MIT kdc --> linux service

- Should work.

> Linux client --> MIT kdc --> win2k service

- Same problem as the first scenario.

- The long and short of it, is that if you want to support W2k
services, you HAVE to run a W2k Active Directory server. You don't
have to keep user passwords in it, but you have to run it.

- Booker C. Bense

More information about the Kerberos mailing list