Windows 2000 Server as KDC
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Jul 22 10:52:15 EDT 2003
>> an easier solution would be to setup a windows realm for Win2k KDC and a cross re
>alm trust with a linux box in a different realm.
>>
>
>We were doing this (with Solaris, not Linux), but when the bug and fix
>for the cross-realm security hole came out a few months ago, that caused
>it all to break (we need krb4 cross-realm auth because AFS is in the
>picture). So, we're basically running an older un-patched krb524d in
>order to keep things working ... but that doesn't make me comfortable in
>the long run, so I'm looking for other solutions.
So why haven't you switched to a V5 solution for AFS? Lots of people
have done this, and it works just fine, even with cross-realm. This
is assuming you're running a new enough version of OpenAFS, of course.
--Ken
More information about the Kerberos
mailing list