some cross-realm trust questions
Victor Sudakov
vas at mpeks.no-spam-here.tomsk.su
Fri Jan 7 01:20:03 EST 2011
Mark Pr?hl wrote:
[dd]
> > And BTW how do I figure out what enctypes AD is configured to provide?
> > Is there anything like "kadmin get" for AD?
> >
> In Windows 2008 R2 the encryption types of inter-realm keys can
> be configured with ksetup.exe. Cross realm trusts to kerberos
> realms use rc4 inter realm keys by default. To change this to aes256
> you can use the following command on a domain controller:
> ksetup.exe /SetEncTypeAttr MIT.REALM AES256-CTS-HMAC-SHA1-96
> ("MIT.REALM" is the name of the MIT Kerberos realm)
Thank you, I'll save it for future reference. For the present however
I have to deal with win2000 and win2003 domain controllers. It is
strange that there is no kadmin snapin or any other graphical KDC
administration tool.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos
mailing list