some cross-realm trust questions

Victor Sudakov vas at mpeks.no-spam-here.tomsk.su
Tue Dec 28 12:02:45 EST 2010


Russ Allbery wrote:

[dd]

> > But it still escapes me how on earth I will end up with
> > krbtgt/UNIX.REALM@WINDOWS.REALM and krbtgt/WINDOWS.REALM@UNIX.REALM
> > having the same key. There is nothing in the above articles about
> > exporting and importing keytabs.

> You use a password.  Enter the same password on both sides when creating
> the key, and then be sure to remove any extraneous enctypes on the Heimdal
> side that AD isn't configured to provide.

Do you mean to say that the key derivation algorithm is the same in
Heimdal and in MS AD? The same password will yield the same key
anywhere, in any Kerberos implementation?

And BTW how do I figure out what enctypes AD is configured to provide?
Is there anything like "kadmin get" for AD?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
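
An added example on the question raised in this message (not part of the original thread, and not Heimdal or AD code): Kerberos string-to-key is specified per enctype in the RFCs, so the key follows from the password, the enctype and, for AES, the salt and iteration count, not from the implementation. It covers rc4-hmac (RFC 4757) in full and only the PBKDF2 stage of AES (RFC 3962; the final DK step is left out). The password is constructed, and using the RFC 4120 default salt for the trust principals is an assumption.

```python
import hashlib
import struct

M = 0xFFFFFFFF
ROUNDS = (  # (boolean function, additive constant, shifts, word order), RFC 1320
    (lambda b, c, d: (b & c) | (~b & d), 0, (3, 7, 11, 19), list(range(16))),
    (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
    (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
)

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4; hashlib may not expose it on current OpenSSL builds."""
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & M
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    bitlen = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", bitlen)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for f, const, shifts, order in ROUNDS:
            for i, k in enumerate(order):
                new = rol((a + f(b, c, d) + x[k] + const) & M, shifts[i % 4])
                a, b, c, d = d, new, b, c
        state = [(s + v) & M for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def rc4_hmac_key(password: str) -> bytes:
    """rc4-hmac string-to-key: MD4 over the UTF-16LE password, no salt at all."""
    return md4(password.encode("utf-16-le"))

def default_salt(principal: str) -> str:
    """RFC 4120 default salt: realm followed by the name components."""
    name, realm = principal.rsplit("@", 1)
    return realm + name.replace("/", "")

def aes_pbkdf2_stage(password: str, salt: str, keylen: int = 32,
                     iterations: int = 4096) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the AES string-to-key (DK step omitted)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(),
                               iterations, keylen)

if __name__ == "__main__":
    pw = "constructed-trust-password"  # constructed sample value
    print("rc4-hmac key (principal-independent):", rc4_hmac_key(pw).hex())
    for p in ("krbtgt/UNIX.REALM@WINDOWS.REALM", "krbtgt/WINDOWS.REALM@UNIX.REALM"):
        s = default_salt(p)
        print(p, "salt =", s, "->", aes_pbkdf2_stage(pw, s).hex())
```

The salted output differs per principal and direction, which is why both sides have to agree on enctype and salt as well as on the password.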