[Freeipa-users] Windows Kerberos auth to IPA
Christian Horn
chorn at fluxcoil.net
Tue Oct 14 07:12:54 UTC 2008
On Tue, Oct 14, 2008 at 09:52:18AM +1000, Johan Venter wrote:
>
> So to recap, if you want Windows to log into an IPA Kerberos realm,
> generate keytabs with keys in less secure encryptions (yay, go Windows)
> - no AES, no 3DES, Windows (at least Server 2003) does not support them.
Havent used it but apparently windows 2008 / vista supports aes128/256
for domainmembers ( aes128-cts-hmac-sha1-96 / aes256-cts-hmac-sha1-96 ):
http://technet.microsoft.com/en-us/library/cc771132.aspx
Christian
More information about the Freeipa-users
mailing list