Differences between current version and previous revision of KerberosNotes.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 5 | Last edited on Monday, November 29, 2004 1:29:57 am | by HikariCrowther | |
Older page: | version 4 | Last edited on Monday, November 29, 2004 1:15:19 am | by HikariCrowther | Revert |
@@ -40,9 +40,11 @@
----
kadmin.local has a whole heap of useful commands letting you add new users/delete users and change passwords. Neat!
+----
+You might want avoid mixing [MIT] [KerberosV] and [Heimdal] KerberosV in your network, at least if you intend to use kadmin remotely from your KDC; which, of course, you do, it's the [Proper Way], after all. I've found that using Heimdal's kadmin to talk to your MIT KDC will just hang when you try to execute a command.
----
-Microsoft has an [Interoprability Guide|http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp] on their website for setting up Windows 2000 and XP Professional to use interactive logins that use the KDC as the authentication source.
+[
Microsoft]
has an [Interoprability Guide|http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp] on their website for setting up Windows 2000 and XP Professional to use interactive logins that use the KDC as the authentication source.
-Unfortunatly this guide is not complete, it fails to mention that MIT's version of KerberosV and Microsoft's implementation only share one enctype in common, namely DES-CBC-CRC. This means that when you add a host principle for a Windows machine you will need to use the "-e des-cbc-crc:normal" option to the ank command. Otherwise Windows will try to use its own RC4-HMAC enctype, which is not (currently) supported by MIT KerberosV; it possibly is supported by Heimdal KerberosV.
+Unfortunatly this guide is not complete, it fails to mention that [
MIT]
's version of [
KerberosV]
and [
Microsoft]
's implementation only share one enctype in common, namely DES-CBC-CRC. This means that when you add a host principle for a Windows machine you will need to use the "-e des-cbc-crc:normal" option to the ank command. Otherwise Windows will try to use its own RC4-HMAC enctype, which is not (currently) supported by MIT KerberosV; it possibly is supported by [
Heimdal] [
KerberosV]
.