AD Cross Realm Trust Integration


We're currently looking at increasing the session and ticket encryption
types for our Unix-based Kerberos clients (command-line and GSSAPI-based
client/web clients) up to AES.

One of our issues is to continue to support the cross-realm authentication
with Windows KDCs on campus.  As far as I know, Microsoft's KDCs support
DES and RC4 and that's it.

So I'm curious as to how others are handling this particular situation:

1) Manually keeping Microsoft-dependent tickets encrypted at only DES

2) Having multiple encryption types per service ticket

3) Running separate Unix and Microsoft KDCs

4) ???

Any advice or experience would be appreciated.

John Harris
Campus Data Center Administrator
University of California, Davis