[27828] in Kerberos
Re: Interoperability with Microsoft KDC using AES
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue May 29 20:18:24 2007
From: Russ Allbery <rra@stanford.edu>
To: Ankur Upadhyaya <ankur@ca.ibm.com>
In-Reply-To: <OF563F7C80.153FC0CA-ON882572EA.0080A221-882572EA.0080C691@ca.ibm.com>
(Ankur Upadhyaya's message of "Tue, 29 May 2007 16:26:06 -0700")
Date: Tue, 29 May 2007 17:18:00 -0700
Message-ID: <874plvuptz.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Ankur Upadhyaya <ankur@ca.ibm.com> writes:
> Based on what I have read so far, I understand that only DES encryption
> can be used if client and server principals using MIT Kerberos 5 are to
> interoperate with a Microsoft Windows Server 2000 or 2003 Active
> Directory KDC.
No, RC4 encryption types also work fine right now.
> As of Windows Server 2008, however, Microsoft will support 256-bit AES
> encryption for its Kerberos implementation. Does anybody have any
> information on whether or not MIT Kerberos 5 principals will be able to
> interoperate with this Microsoft KDC using 256-bit AES encryption (or
> anything stronger than DES)?
Yes, they will.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
