AD Cross Realm Trust Integration

John Harris harris at ucdavis.edu
Mon Apr 25 14:09:40 EDT 2005


Greetings,

We're currently looking at increasing the session and ticket encryption
types for our Unix-based Kerberos clients (command-line and GSSAPI-based
client/web clients) up to AES.

One of our issues is to continue to support the cross-realm authentication
with Windows KDCs on campus.  As far as I know, Microsoft's KDC's support
DES and RC4 and that's it.

So I'm curious as to how others are handling this particular situation:

1) Manually keeping Microsoft-dependent tickets encrypted at only DES

2) Having multiple encryption types per service ticket

3) Running separate Unix and Microsoft KDCs

4) ???

Any advice or experience would be appreciated

John Harris
Campus Data Center Administrator
University of California, Davis


More information about the Kerberos mailing list