Interoperability with Microsoft KDC using AES

Russ Allbery rra at
Tue May 29 20:18:00 EDT 2007

Ankur Upadhyaya <ankur at> writes:

> Based on what I have read so far, I understand that only DES encryption
> can be used if client and server principals using MIT Kerberos 5 are to
> interoperate with a Microsoft Windows Server 2000 or 2003 Active
> Directory KDC.

No, RC4 encryption types also work fine right now.

> As of Windows Server 2008, however, Microsoft will support 256-bit AES
> encryption for its Kerberos implementation.  Does anybody have any
> information on whether or not MIT Kerberos 5 principals will be able to
> interoperate with this Microsoft KDC using 256-bit AES encryption (or
> anything stronger than DES)?

Yes, they will.

Russ Allbery
