Cross-realm trusts w/ MS Windows 2003

Sam Hartman hartmans at MIT.EDU
Mon Aug 18 17:10:02 EDT 2003

>>>>> "Wachdorf," == Wachdorf, Daniel R <drwachd at> writes:

    Wachdorf,> Joseph, We have done extensive testing of Vandyke
    Wachdorf,> Secure CRT (the beta version that supports SSPI) and
    Wachdorf,> Windows SSPI (MS GSSAPI) in a cross realm environment
    Wachdorf,> to both other windows realms and Kerberos realms.  I
    Wachdorf,> initially had the problem that a windows clients using
    Wachdorf,> SSPI would not do GSSAPI authentication to a host in a
    Wachdorf,> trusted foreign Kerberos realm.  After a lot work
    Wachdorf,> talking to Microsoft tech support and even some of the
    Wachdorf,> MS developers, it turns out that Microsoft does not
    Wachdorf,> really support using SSPI to do GSSAPI authentication
    Wachdorf,> to a foreign (Non-MS) MIT realm. 

We do regular interop testing with Microsoft of this functionality.

More information about the krbdev mailing list