Lines Matching +full:inter +full:- +full:data
5 @comment node-name, next, previous, up
21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
24 * Authorisation data::
29 @node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heim…
30 @comment node-name, next, precious, up
33 …es with the Windows Support Tools, available from either the installation CD-ROM (@file{SUPPORT/TO…
43 kadmin> ank --password=password host/datan.example.com
86 @node Inter-Realm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configur…
87 @comment node-name, next, precious, up
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
90 See also the Step-by-Step guide from Microsoft, referenced below.
95 By default the trust will be non-transitive. This means that only users
101 non-Windows realm with @command{ksetup}, see @xref{Configuring Windows
104 This needs to be done on all computers that want enable cross-realm
107 Then you need to add the inter-realm keys on the Windows KDC@. Start the
113 password. When prompted if this is a non-Windows Kerberos realm, press
125 You also need to add the inter-realm keys to the Heimdal KDC. But take
132 Here are the version-specific needed information:
151 C:> ksetup /SetEncTypeAttre EXAMPLE.COM AES256-SHA1
155 inter-realm keys, using heimdal default encryption types:
167 kadmin del_enctype krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM aes256-cts-hmac-sha1-96
168 kadmin del_enctype krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM des3-cbc-sha1
169 kadmin del_enctype krbtgt/NT.EXAMPLE.COM@@EXAMPLE.COM aes256-cts-hmac-sha1-96
170 kadmin del_enctype krbtgt/NT.EXAMPLE.COM@@EXAMPLE.COM des3-cbc-sha1
173 Do not forget to reboot before trying the new realm-trust (after
175 never sent to the non-Windows KDC.
177 @node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows and a Hei…
178 @comment node-name, next, precious, up
183 Alt-V), and select Advanced Features. Right click on the user that you
187 non-Windows domain.
194 @node Encryption types, Authorisation data, Create account mappings, Windows compatibility
195 @comment node-name, next, previous, up
198 Windows 2000 supports both the standard DES encryptions (@samp{des-cbc-crc} and
199 @samp{des-cbc-md5}) and its own proprietary encryption that is based on MD4 and
201 @file{draft-brezak-win2k-krb-rc4-hmac-03.txt}. New users will get both
206 @node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows compatibility
207 @comment node-name, next, previous, up
208 @section Authorisation data
210 The Windows 2000 KDC also adds extra authorisation data in tickets.
212 this data is only available under a ``secret'' license from Microsoft,
215 A simple way of getting hold of the data to be able to understand it
226 @item Run @kbd{appl/test/nt_gss_server -p 2000 -s authsamp
227 @kbd{--dump-auth}=@var{file}} where @var{file} is an appropriate file.
228 @item It should authenticate and dump for you the authorisation data in
231 analysing the data.
234 @node Quirks of Windows 2000 KDC, Useful links when reading about the Windows, Authorisation data, …
235 @comment node-name, next, previous, up
238 There are some issues with salts and Windows 2000. Using an empty salt---which is the only one tha…
239 as a Kerberos 4 compatible salt---does not work, as far as we can tell
245 algorithms @samp{rsa-md4-des} and @samp{rsa-md5-des}. This can make Name
246 mapping (@pxref{Create account mappings}) fail if a @samp{des-cbc-md5} key
247 is used. To make the KDC return only @samp{des-cbc-crc} you must delete
248 the @samp{des-cbc-md5} key from the kdc using the @kbd{kadmin
252 kadmin del_enctype lha des-cbc-md5
259 default_etypes = des-cbc-crc
260 default_etypes_des = des-cbc-crc
267 @comment node-name, next, previous, up
279 @item Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability:
281 Kerberos GSS-API (in Windows-eze SSPI), Windows as a client in a
282 non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and
283 adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows