 

(heimdal.info.gz) Quirks of Windows 2000 KDC

 
 8.6 Quirks of Windows 2000 KDC
 ==============================
 
 There are some issues with salts and Windows 2000.  Using an empty
 salt--which is the only one that Kerberos 4 supported, and is therefore
 known as a Kerberos 4 compatible salt--does not work, as far as we can
 tell from our experiments and users' reports.  Therefore, you have to
 make sure you keep around keys with all the different types of salts
 that are required.  Microsoft have fixed this issue post Windows 2003.
 
 Microsoft seems also to have forgotten to implement the checksum
 algorithms `rsa-md4-des' and `rsa-md5-des'.  This can make Name mapping
 (see Create account mappings) fail if a `des-cbc-md5' key is used.
 To make the KDC return only `des-cbc-crc' you must delete the
 `des-cbc-md5' key from the KDC using the `kadmin del_enctype' command.
 
      kadmin del_enctype lha des-cbc-md5
 
 You should also add the following entries to the `krb5.conf' file:
 
      [libdefaults]
      	default_etypes = des-cbc-crc
      	default_etypes_des = des-cbc-crc
 
 These configuration options will make sure that no checksums of the
 unsupported types are generated.
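
 To confirm that a `krb5.conf' really carries both bindings at the top
 level of `[libdefaults]', the following check can be used.  It is an
 added example, not part of the Heimdal documentation or code; the names
 `libdefaults', `audit' and `SAMPLE_BAD', the realm EXAMPLE.COM and the
 host kdc.example.com are constructed for illustration.

```python
import re

# The two [libdefaults] bindings and the value given in the section above.
REQUIRED = {"default_etypes": ["des-cbc-crc"],
            "default_etypes_des": ["des-cbc-crc"]}

# Constructed sample: one binding too broad, the other set in the wrong place.
SAMPLE_BAD = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_etypes = des-cbc-md5 des-cbc-crc
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        default_etypes_des = des-cbc-crc
    }
"""

def libdefaults(text):
    """Return {key: [values]} for top-level bindings in [libdefaults]."""
    section, depth, found = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header and depth == 0:
            section = header.group(1).strip()
        elif line.endswith("{"):               # entering a nested block
            depth += 1
        elif line.startswith("}"):             # leaving a nested block
            depth = max(depth - 1, 0)
        elif section == "libdefaults" and depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # Assumption: list values are separated by whitespace or commas.
            found[key] = [v for v in re.split(r"[\s,]+", value) if v]
    return found

def audit(text):
    """List every required binding that is missing or lists other etypes."""
    found, problems = libdefaults(text), []
    for key, wanted in REQUIRED.items():
        if key not in found:
            problems.append(f"{key}: not set in [libdefaults]")
        elif found[key] != wanted:
            problems.append(f"{key}: {' '.join(found[key])} (expected {' '.join(wanted)})")
    return problems
```

 `audit()' returns an empty list when both bindings are present and list
 only `des-cbc-crc'; for the constructed sample it reports both entries.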
 