Authenticat Kerberos-enabled Linux client at Active Directory
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Apr 13 10:07:09 EDT 2004
Although a bit dated the Microsoft links
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/featusability/kerbinop.asp
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.asp
still provide the most complete documentation on setting up cross-realm
interop that I am aware of. These pages describe Windows 2000 Server
original release and there are changes which have occurred in various
service packs and in Windows 2003 Server. At the moment if you are
going to use cross realm you must restrict the enctypes of the cross
realm service principals to DES-CBC-MD5 and DES-CBC-CRC. Otherwise,
the cross realm communications will not work. Hopefully, a future
service pack for Windows 2003 Server will allow the use of RC4-HMAC
for cross realm but this is not available at the present time.
If you have specific questions, feel free to post them to this list.
Jeffrey Altman
Frank Wu wrote:
> Hello All,
>
> I dowloaded and installed krb5-1.3.3-i686-pc-linux-gnu.tar on RedHat 9,
> and tried to set it up to work with MS Active Directory for
> cross-platform authentication, but without success. Has anyone tried
> this and can point me to the right direction, or to some sites with more
> info on this issue?
>
> Thanks a lot!
> fwu
>
> _________________________________________________________________
> You could be a genius! Find out by taking the IQ Test 2003. $5.50 (incl
> GST). Click here: http://sites.ninemsn.com.au/minisite/testaustralia/
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list