Unix KDC/Windows2003 crossrealm trust useless for Exchange2003

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jun 10 15:45:34 EDT 2004


I am not aware of anyone who has been able to get this to work.
I have not spent time analyzing the situation but the fundamental
cause of the problem appears to be a failure either to obtain PAC 
information in the cross-realm service ticket which Exchange requires;
or a failure of the user principal name to belong to a realm in
which Exchange can then look up additional information within the
Active Directory.

Whichever the cause, it does appear that Exchange was designed
to be a Microsoft-only solution.

Jeffrey Altman


Subu Ayyagari wrote:
> Is there anyone who has managed to use Exchange2003
> when Windows 2003 domain has a trust with unix Kerberos,
> so that unix KDC provides authentication to all users?
> 
> From systems that are not part of the windows domain,
> POP and IMAP connectivity to Exchange2003 just do not work.
> OWA works using UPN (user at unixKDCrealm) though.
> 
> Appears the only way would be to have an out-of-band process
> to sync up passwords between unix KDC and Windows ADS,
> and throw out the cross-realm trust.
> 
> Any suggestions/comments?
> 
> -subu
> email: s.ayyagari at xpedite.com
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

