[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AD Cross Realm Trust Integration

To: heimdal-discuss@sics.se
Subject: AD Cross Realm Trust Integration
From: John Harris <harris@ucdavis.edu>
Date: Mon, 25 Apr 2005 11:16:02 -0700 (PDT)
Sender: owner-heimdal-discuss@sics.se

Greetings,

We're currently looking at increasing the session and ticket encryption
types for our Unix-based Kerberos clients (command-line and GSSAPI-based
client/web clients) up to AES.

One of our issues is to continue to support the cross-realm authentication
with Windows KDCs on campus.  As far as I know, Microsoft's KDC's support
DES and RC4 and that's it.

So I'm curious as to how others are handling this particular situation:

1) Manually keeping Microsoft-dependent tickets encrypted at only DES

2) Having multiple encryption types per service ticket

3) Running separate Unix and Microsoft KDCs

4) ???

Any advice or experience would be appreciated

John Harris
Campus Data Center Administrator
University of California, Davis

Prev by Date: Re: heimdal 0.7pre2
Next by Date: Re: heimdal 0.7pre2
Prev by thread: Re: OpenLDAP schema for Heimdal
Next by thread: Re: AD Cross Realm Trust Integration
Index(es):
- Date
- Thread