step by step guide for Windows 2003 Server and MIT Kerberos trust?

Douglas E. Engert deengert at anl.gov
Wed Jun 9 20:18:51 EDT 2004



"D. Schikora" wrote:
> 
> Hallo
> 
> Is there anywhere one guide for Kerberos and Windows 2003 Server. I can only
> find the old one for W2K and I hope there are some changes between W2K and
> W2K3.


Not that I know of.  Note that when you use ktpass command and use the DesOnly
flag, this is saved in the AD. 2000 will the use an enctype of des-cbc-crc, 
where as 2003 will use des-cbc-md5 when generating tickets for a server.
What this means is that you may need to have two keys in a server's keytab if you are 
converting from 2000 to 2003. one for each enctype. They both have the same key, and 
kvno but different enctypes.

(Microsoft should have had two flags.)
 

> 
> thanks
> 
> Dominik
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


More information about the Kerberos mailing list