From fd7ec71eff8f265191eef286c2a4c1319e2cfe04 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Wed, 26 Jul 2000 12:16:28 +0000 Subject: [PATCH] better on win2k+salting git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8832 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/win2k.texi | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/win2k.texi b/doc/win2k.texi index 50a079779..db8677d71 100644 --- a/doc/win2k.texi +++ b/doc/win2k.texi @@ -110,16 +110,8 @@ OK. Do not forget to add trusts in both directions. -You also need to add the inter-realm keys to the Heimdal kdc. There are +You also need to add the inter-realm keys to the Heimdal KDC. There are some tweaks that you need to do to @file{krb5.conf} beforehand. -Since Windows 2000 does not seem to understand Kerberos 4 salted hashes you -might need to turn off anything similar to the following if you have it: - -@example - [kadmin]use_v4_salt=yes -@end example - -You must also set: @example [libdefaults] @@ -130,6 +122,17 @@ You must also set: since otherwise checksum types that are not understood by Windows 2000 will be generated (@xref{Quirks of Windows 2000 KDC}.). +Another issue is salting. Since Windows 2000 does not seem to +understand Kerberos 4 salted hashes you might need to turn off anything +similar to the following if you have it, at least while adding the +principals that are going to share keys with Windows 2000. + +@example + [kadmin]use_v4_salt=yes +@end example + +You must also set: + @comment XXX Should add [kadmin]default_keys = des3:pw-salt des:pw-salt des:pw-salt: ? Once that is also done, you can add the required inter-realm keys: