step by step guide for Windows 2003 Server and MIT Kerberos trust?

Rodney M Dyer rmdyer at
Thu Jun 10 11:28:21 EDT 2004

At 09:41 AM 6/10/2004, Jeffrey Altman wrote:

>This is another reason why I like the cross-realm solution for managing
>non-Windows services.   Let Active Directory manage the Windows based
>services and an MIT KDC manage the non-Windows services.  Use
>cross-realm between the two to obtain the service tickets for the
>non-Windows services.

Right, and I'm finding this solution sucks because Microsoft needs the PAC 
for authorizing anything.  The way things are going it looks like using a 
Microsoft AD for a KDC is the "better" solution if you ever need to use 
Microsoft services from a client that doesn't know about the trust.  In our 
case this is the fate we have run into when trying to truely kerberize 
Exchange, you can't.  I think the whole Kerberos interoperability marketing 
by Microsoft is just a ghost, a facad.  In fact, unless you use AD as the 
KDC in your organization, you are looking at more hurt than help.


More information about the Kerberos mailing list