Diff: KerberosNotes

Differences between current version and predecessor to the previous major change of KerberosNotes.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 5 Last edited on Monday, November 29, 2004 1:29:57 am by HikariCrowther
Older page: version 3 Last edited on Thursday, June 19, 2003 1:01:10 am by PerryLorier Revert
@@ -39,4 +39,12 @@
 to list your keys. if you don't have any keys, you've done something wrong. Good luck finding out what :) (but when you do... Wiki the problem/answer on this page) 
 kadmin.local has a whole heap of useful commands letting you add new users/delete users and change passwords. Neat! 
+You might want avoid mixing [MIT] [KerberosV] and [Heimdal] KerberosV in your network, at least if you intend to use kadmin remotely from your KDC; which, of course, you do, it's the [Proper Way], after all. I've found that using Heimdal's kadmin to talk to your MIT KDC will just hang when you try to execute a command.  
+[Microsoft] has an [Interoprability Guide|] on their website for setting up Windows 2000 and XP Professional to use interactive logins that use the KDC as the authentication source.  
+Unfortunatly this guide is not complete, it fails to mention that [MIT]'s version of [KerberosV] and [Microsoft]'s implementation only share one enctype in common, namely DES-CBC-CRC. This means that when you add a host principle for a Windows machine you will need to use the "-e des-cbc-crc:normal" option to the ank command. Otherwise Windows will try to use its own RC4-HMAC enctype, which is not (currently) supported by MIT KerberosV; it possibly is supported by [Heimdal] [KerberosV].