Title: Message
I would say test it out in the lab. I recall the people I used to work with who were doing Kerberos integration ran into something on one of the Kerberos newsgroups somewhere where one of the HP Kerberos guys admitted to it not working because they only supported the old DES-CBC-CRC.
 
Here is one link I found on it
 
http://www.mail-archive.com/[EMAIL PROTECTED]/msg05102.html
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Monday, August 02, 2004 11:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos error

Are you saying that upgrading our DCs to Server 2003 will break HPUX Kerberos clients? We are planning the 2k3 upgrade soon, but we are also testing Kerberos for our HPUX/SAP servers.
 
Can you point me to any more information about this?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, August 02, 2004 9:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos error

I don't believe 3DES is available. And also with K3, DES-CBC-CRC I believe was dropped, which from what I understand impacts people running the Kerberos package running on HPUX machines.
 
  joe


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Monday, August 02, 2004 10:20 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos error

We had many errors on both sides that led to the problem. It has been fixed. Thanks for the ideas and pointers. They were helpful in helping us come to a solution.
 
One thing that sticks out is that only DES encryption is working between w2k3 and the Kerberos realm. Does anyone know if this is a "feature", or if in fact 3DES can work for the authentication?


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, August 01, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos error

I have never tried to set up a connection to an external Kerberos realm but the thing that sticks out to me in that event is the disparity between the client and server time. Your client is showing that it is almost Thanksgiving according to that...
 
  joe


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Friday, July 30, 2004 4:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Kerberos error

I'm trying to get pass-thru authentication to work with an external Kerberos realm. I am getting this error. I think I have things set up right, but I've been known to fudge things. Does anyone know what this might mean?
 
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date:  7/30/2004
Time:  3:28:19 PM
User:  N/A
Computer: KWAME-TURE
Description:
A Kerberos Error Message was received:
         on logon session
 Client Time: 15:49:18.0000 11/7/2004 Z
 Server Time: 20:28:19.0000 7/30/2004 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error:
 Client Realm: NSCBETA.UCHICAGO.EDU
 Client Name: cflesher
 Server Realm: NSCBETA.UCHICAGO.EDU
 Server Name: krbtgt/UCHICAGO.LOCAL
 Target Name: krbtgt/[EMAIL PROTECTED]
 Error Text: UNKNOWN_SERVER
 File: 9
 Line: ab8
 Error Data is in record data.
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477
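
The clock comparison raised in the thread, as an added example that is not part of any poster's message: Python code that parses the description fields of the Kerberos event above, reports the client/server time difference, and notes whether the unknown server principal is a krbtgt for a different realm. The sample text is constructed from the quoted event, the 5-minute tolerance is an assumption (the usual Kerberos default), and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: fields copied from the event quoted in the thread.
SAMPLE_EVENT = """\
A Kerberos Error Message was received:
 Client Time: 15:49:18.0000 11/7/2004 Z
 Server Time: 20:28:19.0000 7/30/2004 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Client Realm: NSCBETA.UCHICAGO.EDU
 Server Realm: NSCBETA.UCHICAGO.EDU
 Server Name: krbtgt/UCHICAGO.LOCAL
"""

# Assumption: 5 minutes, the usual default Kerberos clock-skew tolerance.
MAX_SKEW = timedelta(minutes=5)
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")


def parse_event(text):
    """Return the non-empty 'Name: value' lines of the description as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2):
            fields[m.group(1)] = m.group(2)
    return fields


def parse_time(value):
    """Parse the event's 'HH:MM:SS.ffff M/D/YYYY Z' timestamp (UTC)."""
    return datetime.strptime(value, "%H:%M:%S.%f %m/%d/%Y Z")


def triage(text, max_skew=MAX_SKEW):
    """Summarise the error code, clock difference and target principal."""
    f = parse_event(text)
    skew = abs(parse_time(f["Client Time"]) - parse_time(f["Server Time"]))
    code, _, name = f["Error Code"].partition(" ")
    server = f.get("Server Name", "")
    return {
        "error_code": int(code, 16),
        "error_name": name.strip(),
        "skew": skew,
        "skew_exceeded": skew > max_skew,
        # True when the unknown principal is krbtgt/<a realm other than the KDC's>.
        "cross_realm_krbtgt": server.startswith("krbtgt/")
        and server[len("krbtgt/"):] != f.get("Server Realm"),
    }
```
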
 
