DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

(heimdal.info) Quirks of Windows 2000 KDC

Info Catalog (heimdal.info) Authorization data (heimdal.info) Windows 2000 compatability (heimdal.info) Useful links when reading about the Windows 2000
 
 Quirks of Windows 2000 KDC
 ==========================
 
 There are some issues with salts and Windows 2000.  Using an empty salt,
 which is the only one that Kerberos 4 supported and is therefore known
 as a Kerberos 4 compatible salt does not work, as far as we can tell
 from out experiments and users reports.  Therefore, you have to make
 sure you keep around keys with all the different types of salts that are
 required.
 
 Microsoft seems also to have forgotten to implement the checksum
 algorithms `rsa-md4-des' and `rsa-md5-des'. This can make Name mapping
 ( Create account mappings) fail if a `des-cbc-md5' key is used.
 To make the KDC return only `des-cbc-crc' you must delete the
 `des-cbc-md5' key from the kdc using the `kadmin del_enctype' command.
 
      kadmin del_enctype lha des-cbc-md5
 
 You should also add the following entries to the `krb5.conf' file:
 
      [libdefaults]
      	default_etypes = des-cbc-crc
      	default_etypes_des = des-cbc-crc
 
 These configuration options will make sure that no checksums of the
 unsupported types are generated.
 
Info Catalog (heimdal.info) Authorization data (heimdal.info) Windows 2000 compatability (heimdal.info) Useful links when reading about the Windows 2000
automatically generated byinfo2html