Cross-realm trusts w/ MS Windows 2003
Wachdorf, Daniel R
drwachd at sandia.gov
Mon Aug 18 18:34:05 EDT 2003
Do you mean using Windows SSPI or the Windows MIT GSSAPI?
From: Sam Hartman [mailto:hartmans at mit.edu]
Sent: Monday, August 18, 2003 3:10 PM
To: Wachdorf, Daniel R
Cc: 'Joseph Galbraith'; Douglas E. Engert; krbdev at mit.edu
Subject: Re: Cross-realm trusts w/ MS Windows 2003
>>>>> "Wachdorf," == Wachdorf, Daniel R <drwachd at sandia.gov> writes:
Wachdorf,> Joseph, We have done extensive testing of Vandyke
Wachdorf,> Secure CRT (the beta version that supports SSPI) and
Wachdorf,> Windows SSPI (MS GSSAPI) in a cross realm environment
Wachdorf,> to both other windows realms and Kerberos realms. I
Wachdorf,> initially had the problem that a windows clients using
Wachdorf,> SSPI would not do GSSAPI authentication to a host in a
Wachdorf,> trusted foreign Kerberos realm. After a lot work
Wachdorf,> talking to Microsoft tech support and even some of the
Wachdorf,> MS developers, it turns out that Microsoft does not
Wachdorf,> really support using SSPI to do GSSAPI authentication
Wachdorf,> to a foreign (Non-MS) MIT realm.
We do regular interop testing with Microsoft of this functionality.
More information about the krbdev