step by step guide for Windows 2003 Server and MIT Kerberos trust?
Douglas E. Engert
deengert at anl.gov
Wed Jun 9 20:18:51 EDT 2004
"D. Schikora" wrote:
> Is there anywhere one guide for Kerberos and Windows 2003 Server. I can only
> find the old one for W2K and I hope there are some changes between W2K and
Not that I know of. Note that when you use ktpass command and use the DesOnly
flag, this is saved in the AD. 2000 will the use an enctype of des-cbc-crc,
where as 2003 will use des-cbc-md5 when generating tickets for a server.
What this means is that you may need to have two keys in a server's keytab if you are
converting from 2000 to 2003. one for each enctype. They both have the same key, and
kvno but different enctypes.
(Microsoft should have had two flags.)
> Kerberos mailing list Kerberos at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the Kerberos