[33066] in Kerberos
Re: some cross-realm trust questions
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Fri Jan 7 10:04:21 2011
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Fri, 7 Jan 2011 06:20:03 +0000 (UTC)
Message-ID: <ig6baj$2gfk$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Mark Pr?hl <mark@mproehl.net>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Mark Pr?hl wrote:
[dd]
> > And BTW how do I figure out what enctypes AD is configured to provide?
> > Is there anything like "kadmin get" for AD?
> >
> In Windows 2008 R2 the encryption types of inter-realm keys can
> be configured with ksetup.exe. Cross realm trusts to kerberos
> realms use rc4 inter realm keys by default. To change this to aes256
> you can use the following command on a domain controller:
> ksetup.exe /SetEncTypeAttr MIT.REALM AES256-CTS-HMAC-SHA1-96
> ("MIT.REALM" is the name of the MIT Kerberos realm)
Thank you, I'll save it for future reference. For the present however
I have to deal with win2000 and win2003 domain controllers. It is
strange that there is no kadmin snapin or any other graphical KDC
administration tool.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
