[33066] in Kerberos

home help back first fref pref prev next nref lref last post

Re: some cross-realm trust questions

daemon@ATHENA.MIT.EDU (Victor Sudakov)
Fri Jan 7 10:04:21 2011

From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Fri, 7 Jan 2011 06:20:03 +0000 (UTC)
Message-ID: <ig6baj$2gfk$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Mark Pr?hl <mark@mproehl.net>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Mark Pr?hl wrote:

[dd]

> > And BTW how do I figure out what enctypes AD is configured to provide?
> > Is there anything like "kadmin get" for AD?
> >
> In Windows 2008 R2 the encryption types of inter-realm keys can
> be configured with ksetup.exe.  Cross realm trusts to kerberos
> realms use rc4 inter realm keys by default. To change this to aes256
> you can use the following command on a domain controller:

>      ksetup.exe /SetEncTypeAttr MIT.REALM AES256-CTS-HMAC-SHA1-96

> ("MIT.REALM" is the name of the MIT Kerberos realm)

Thank you, I'll save it for future reference. For the present however
I have to deal with win2000 and win2003 domain controllers. It is
strange that there is no kadmin snapin or any other graphical KDC
administration tool.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post