Lines Matching full:windows
4 @node Windows compatibility, Programming with Kerberos, Kerberos 4 issues, Top
6 @chapter Windows compatibility
8 Microsoft Windows, starting from version 2000 (formerly known as Windows NT 5), implements Kerberos…
10 issues between Heimdal and various Windows versions.
12 The big problem with the Kerberos implementation in Windows
20 * Configuring Windows to use a Heimdal KDC::
21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
25 * Quirks of Windows 2000 KDC::
26 * Useful links when reading about the Windows::
29 …ode Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heimd…
31 @section Configuring Windows to use a Heimdal KDC
33 …Windows Support Tools, available from either the installation CD-ROM (@file{SUPPORT/TOOLS/SUPPORT.…
82 The Windows machine will now map any user to the corresponding principal,
86 …ealm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configuring Windows …
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
92 Install Windows, and create a new controller (Active Directory
100 You need to tell Windows on what hosts to find the KDCs for the
101 non-Windows realm with @command{ksetup}, see @xref{Configuring Windows
107 Then you need to add the inter-realm keys on the Windows KDC@. Start the
112 Add on the appropriate trust windows and enter domain name and
113 password. When prompted if this is a non-Windows Kerberos realm, press
127 no encryption type stronger than the one configured on Windows side for this
129 Windows, nor any Kerberos 4 salted hashes, as Windows does not seem to
134 @item Windows 2000: maximum encryption type is DES
135 @item Windows 2003: maximum encryption type is DES
136 @item Windows 2003RC2: maximum encryption type is RC4, relationship defaults to DES
137 @item Windows 2008: maximum encryption type is AES, relationship defaults to RC4
140 For Windows 2003RC2, to change the trust encryption type, you have to use the
141 @command{ktpass}, from the Windows 2003 Resource kit *service pack2*, available
148 For Windows 2008, the same operation can be done with the @command{ksetup}, installed by default.
164 And if needed, to remove unsupported encryptions, such as the following ones for a Windows 2003RC2 …
175 never sent to the non-Windows KDC.
177 …ppings, Encryption types, Inter-Realm keys (trust) between Windows and a Heimdal KDC, Windows comp…
187 non-Windows domain.
194 @node Encryption types, Authorisation data, Create account mappings, Windows compatibility
198 Windows 2000 supports both the standard DES encryptions (@samp{des-cbc-crc} and
206 @node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows compatibility
210 The Windows 2000 KDC also adds extra authorisation data in tickets.
234 @node Quirks of Windows 2000 KDC, Useful links when reading about the Windows, Authorisation data, …
236 @section Quirks of Windows 2000 KDC
238 There are some issues with salts and Windows 2000. Using an empty salt---which is the only one tha…
242 required. Microsoft have fixed this issue post Windows 2003.
266 @node Useful links when reading about the Windows, , Quirks of Windows 2000 KDC, Windows compatibi…
268 @section Useful links when reading about the Windows
281 Kerberos GSS-API (in Windows-eze SSPI), Windows as a client in a
282 non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and
283 adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows
286 @item Windows 2000 Kerberos Authentication:
288 White paper that describes how Kerberos is used in Windows 2000.
294 @c @item Klist for Windows:
296 @c Describes where to get a klist for Windows 2000.
314 @uref{http://www.bindview.com/Support/RAZOR/Utilities/Windows/pwdump2_readme.cfm}@end itemize