some cross-realm trust questions

[Victor Sudakov]

Nicolas Williams wrote:
> > 1. If a cross-realm trust is configured, do the realms' KDCs ever have to
> > exchange any traffic between each other?

> No, they do not.

That's great, but at least at the initialization stage, how is a
shared key for the corresponding krbtgt principals transferred between
the two KDCs?

The Windows "New Trust" wizard just asks for a password and never
offers to export a keytab or anything.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/