Interoperability with Microsoft KDC using AES

Todd Stecher tstecher at
Tue May 29 17:35:42 EDT 2007

On May 29, 2007, at 2:21 PM, Ankur Upadhyaya wrote:

> Based on what I have read so far, I understand that only DES  
> encryption
> can be used if client and server principals using MIT Kerberos 5  
> are to
> interoperate with a Microsoft Windows Server 2000 or 2003 Active  
> Directory
> KDC.


> As of Windows Server 2008, however, Microsoft will support 256-bit AES
> encryption for its Kerberos implementation.  Does anybody have any
> information on whether or not MIT Kerberos 5 principals will be  
> able to
> interoperate with this Microsoft KDC using 256-bit AES encryption (or
> anything stronger than DES)?

If this didn't happen, someone at MS is asleep at the wheel (right  
larry / JK?).  In truth, when I left, AES interop was one of the top  
priorities of the Windows team, and they've been contributing heavily  
to the AES standard.

(In fact, support for an AES Kerberos client may already be in Vista.)

> _______________________________________________
> krbdev mailing list             krbdev at


More information about the krbdev mailing list