Interoperability with Microsoft KDC using AES

Nicolas Williams Nicolas.Williams at sun.com
Wed May 30 16:05:32 EDT 2007


On Tue, May 29, 2007 at 02:21:30PM -0700, Ankur Upadhyaya wrote:
> Based on what I have read so far, I understand that only DES encryption 
> can be used if client and server principals using MIT Kerberos 5 are to 
> interoperate with a Microsoft Windows Server 2000 or 2003 Active Directory 
> KDC.

The common enctypes between Windows 2k/2003/XP and MIT/Heimdal krb5 and
derivatives are the 1DES enctypes and the rc4-hmac-md5 enctypes.

The common enctypes between Windows Vista and MIT/Heimdal krb5 and
derivatives are the 1DES enctypes, the rc4-hmac-md5 enctypes, and the
AES enctypes.

The only enctypes not supported by any version of Windows but which are
supported by others are the 3DES enctypes, and no one should cry about
that.

There are no enctypes currently supported by Windows but not by others'
current releases.

Solaris 10, for example, interops fine with Windows Vista KDCs using all
enctypes in common (1DES, RC4, and AES).

Nico
-- 



More information about the krbdev mailing list