Interoperability with Microsoft KDC using AES
Russ Allbery
rra at stanford.edu
Tue May 29 20:18:00 EDT 2007
Ankur Upadhyaya <ankur at ca.ibm.com> writes:
> Based on what I have read so far, I understand that only DES encryption
> can be used if client and server principals using MIT Kerberos 5 are to
> interoperate with a Microsoft Windows Server 2000 or 2003 Active
> Directory KDC.
No, RC4 encryption types also work fine right now.
> As of Windows Server 2008, however, Microsoft will support 256-bit AES
> encryption for its Kerberos implementation. Does anybody have any
> information on whether or not MIT Kerberos 5 principals will be able to
> interoperate with this Microsoft KDC using 256-bit AES encryption (or
> anything stronger than DES)?
Yes, they will.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list