Penguin
Recent Changes
Diff: KerberosNotes
EditPageHistoryDiffInfoLikePages

Differences between current version and previous revision of KerberosNotes.

Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History

Newer page: version 5 Last edited on Monday, November 29, 2004 1:29:57 am by HikariCrowther
Older page: version 4 Last edited on Monday, November 29, 2004 1:15:19 am by HikariCrowther Revert
@@ -40,9 +40,11 @@
  
 ---- 
 kadmin.local has a whole heap of useful commands letting you add new users/delete users and change passwords. Neat! 
  
+----  
+You might want avoid mixing [MIT] [KerberosV] and [Heimdal] KerberosV in your network, at least if you intend to use kadmin remotely from your KDC; which, of course, you do, it's the [Proper Way], after all. I've found that using Heimdal's kadmin to talk to your MIT KDC will just hang when you try to execute a command.  
  
 ---- 
-Microsoft has an [Interoprability Guide|http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp] on their website for setting up Windows 2000 and XP Professional to use interactive logins that use the KDC as the authentication source. 
+[ Microsoft] has an [Interoprability Guide|http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp] on their website for setting up Windows 2000 and XP Professional to use interactive logins that use the KDC as the authentication source. 
  
-Unfortunatly this guide is not complete, it fails to mention that MIT's version of KerberosV and Microsoft's implementation only share one enctype in common, namely DES-CBC-CRC. This means that when you add a host principle for a Windows machine you will need to use the "-e des-cbc-crc:normal" option to the ank command. Otherwise Windows will try to use its own RC4-HMAC enctype, which is not (currently) supported by MIT KerberosV; it possibly is supported by Heimdal KerberosV. 
+Unfortunatly this guide is not complete, it fails to mention that [ MIT] 's version of [ KerberosV] and [ Microsoft] 's implementation only share one enctype in common, namely DES-CBC-CRC. This means that when you add a host principle for a Windows machine you will need to use the "-e des-cbc-crc:normal" option to the ank command. Otherwise Windows will try to use its own RC4-HMAC enctype, which is not (currently) supported by MIT KerberosV; it possibly is supported by [ Heimdal] [ KerberosV]