oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

better on win2k+salting

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8832 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2000-07-26 12:16:28 +00:00
parent 7fd04f5964
commit fd7ec71eff
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
doc/win2k.texi
View File

@@ -110,16 +110,8 @@ OK.
Do not forget to add trusts in both directions. Do not forget to add trusts in both directions.
You also need to add the inter-realm keys to the Heimdal kdc. There are You also need to add the inter-realm keys to the Heimdal KDC. There are
some tweaks that you need to do to @file{krb5.conf} beforehand. some tweaks that you need to do to @file{krb5.conf} beforehand.
Since Windows 2000 does not seem to understand Kerberos 4 salted hashes you
might need to turn off anything similar to the following if you have it:
@example
[kadmin]use_v4_salt=yes
@end example
You must also set:
@example @example
[libdefaults] [libdefaults]
@@ -130,6 +122,17 @@ You must also set:
since otherwise checksum types that are not understood by Windows 2000 since otherwise checksum types that are not understood by Windows 2000
will be generated (@xref{Quirks of Windows 2000 KDC}.). will be generated (@xref{Quirks of Windows 2000 KDC}.).
Another issue is salting. Since Windows 2000 does not seem to
understand Kerberos 4 salted hashes you might need to turn off anything
similar to the following if you have it, at least while adding the
principals that are going to share keys with Windows 2000.
@example
[kadmin]use_v4_salt=yes
@end example
You must also set:
@comment XXX Should add [kadmin]default_keys = des3:pw-salt des:pw-salt des:pw-salt: ? @comment XXX Should add [kadmin]default_keys = des3:pw-salt des:pw-salt des:pw-salt: ?
Once that is also done, you can add the required inter-realm keys: Once that is also done, you can add the required inter-realm keys: