Cross-realm trusts w/ MS Windows 2003

Wachdorf, Daniel R drwachd at
Mon Aug 18 18:34:05 EDT 2003

Do you mean using Windows SSPI or the Windows MIT GSSAPI?

-----Original Message-----
From: Sam Hartman [mailto:hartmans at] 
Sent: Monday, August 18, 2003 3:10 PM
To: Wachdorf, Daniel R
Cc: 'Joseph Galbraith'; Douglas E. Engert; krbdev at
Subject: Re: Cross-realm trusts w/ MS Windows 2003

>>>>> "Wachdorf," == Wachdorf, Daniel R <drwachd at> writes:

    Wachdorf,> Joseph, We have done extensive testing of Vandyke
    Wachdorf,> Secure CRT (the beta version that supports SSPI) and
    Wachdorf,> Windows SSPI (MS GSSAPI) in a cross realm environment
    Wachdorf,> to both other windows realms and Kerberos realms.  I
    Wachdorf,> initially had the problem that a windows clients using
    Wachdorf,> SSPI would not do GSSAPI authentication to a host in a
    Wachdorf,> trusted foreign Kerberos realm.  After a lot work
    Wachdorf,> talking to Microsoft tech support and even some of the
    Wachdorf,> MS developers, it turns out that Microsoft does not
    Wachdorf,> really support using SSPI to do GSSAPI authentication
    Wachdorf,> to a foreign (Non-MS) MIT realm. 

We do regular interop testing with Microsoft of this functionality.

More information about the krbdev mailing list