step by step guide for Windows 2003 Server and MIT Kerberos trust?

Douglas E. Engert deengert at
Wed Jun 9 20:18:51 EDT 2004

"D. Schikora" wrote:
> Hallo
> Is there anywhere one guide for Kerberos and Windows 2003 Server. I can only
> find the old one for W2K and I hope there are some changes between W2K and
> W2K3.

Not that I know of.  Note that when you use ktpass command and use the DesOnly
flag, this is saved in the AD. 2000 will the use an enctype of des-cbc-crc, 
where as 2003 will use des-cbc-md5 when generating tickets for a server.
What this means is that you may need to have two keys in a server's keytab if you are 
converting from 2000 to 2003. one for each enctype. They both have the same key, and 
kvno but different enctypes.

(Microsoft should have had two flags.)

> thanks
> Dominik
> ________________________________________________
> Kerberos mailing list           Kerberos at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the Kerberos mailing list