AD Cross Realm Trust Integration
John Harris
harris at ucdavis.edu
Mon Apr 25 14:09:40 EDT 2005
Greetings,
We're currently looking at increasing the session and ticket encryption
types for our Unix-based Kerberos clients (command-line and GSSAPI-based
client/web clients) up to AES.
One of our issues is to continue to support the cross-realm authentication
with Windows KDCs on campus. As far as I know, Microsoft's KDC's support
DES and RC4 and that's it.
So I'm curious as to how others are handling this particular situation:
1) Manually keeping Microsoft-dependent tickets encrypted at only DES
2) Having multiple encryption types per service ticket
3) Running separate Unix and Microsoft KDCs
4) ???
Any advice or experience would be appreciated
John Harris
Campus Data Center Administrator
University of California, Davis
More information about the Kerberos
mailing list