Cross-realm trusts w/ MS Windows 2003
Sam Hartman
hartmans at MIT.EDU
Mon Aug 18 17:10:02 EDT 2003
>>>>> "Wachdorf," == Wachdorf, Daniel R <drwachd at sandia.gov> writes:
Wachdorf,> Joseph, We have done extensive testing of Vandyke
Wachdorf,> Secure CRT (the beta version that supports SSPI) and
Wachdorf,> Windows SSPI (MS GSSAPI) in a cross realm environment
Wachdorf,> to both other windows realms and Kerberos realms. I
Wachdorf,> initially had the problem that a windows clients using
Wachdorf,> SSPI would not do GSSAPI authentication to a host in a
Wachdorf,> trusted foreign Kerberos realm. After a lot work
Wachdorf,> talking to Microsoft tech support and even some of the
Wachdorf,> MS developers, it turns out that Microsoft does not
Wachdorf,> really support using SSPI to do GSSAPI authentication
Wachdorf,> to a foreign (Non-MS) MIT realm.
We do regular interop testing with Microsoft of this functionality.
More information about the krbdev
mailing list