On Jun 4, 2005, at 11:27 AM, Jeffrey Altman wrote:
> The MIT Kerberos team worked with the Microsoft Windows Security team
> to make sure that RC4-HMAC could be used for cross-realm authentication
> by Windows Server specifically because of the concerns you raise. DES
> keys are very weak and if they must be used because that is all that is
> supported, then the keys must be replaced on a very regular basis
> until such time as they no longer need to be used.
>
> With 2003 Server SP1 there should no longer be a reason to use DES keys
> for anything but compatibility with Java 1.5 and earlier.

Has anyone had success with this? I just tried to use RC4-HMAC for a
cross-realm trust with Server 2003 SP1, and it didn't work. I could
only get the trust to work with a DES key.
Do you know if Microsoft has any of this documented anywhere? I didn't
see any mention of this in the "Windows Server 2003 Service Pack 1 list
of updates".
I'm hoping there's just a registry setting that needs to be made to
enable this...
Thanks,
Brian Davidson
George Mason University
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos