[EMAIL PROTECTED] wrote:
> Tunneling sounds like the best option.
>
> We have over 500 Windows 2000 and Windows 2003 domain
> controllers (KDCs in Active Directory), that we don't want to have
> to modify or install new software on. These domain controllers
> (KDCs) do have SSL properly configured, so I suppose, we could
> tunnel the AS-REQ and AS-REP inside of SSL. I'll try this unless
> anyone knows of a better way, keeping in mind no major changes
> can be made to these Domain Controllers.
>
> Thanks!
>
I'm not sure how you would force all AS-REQ and AS-REP across an SSL
tunnel. If you are this concerned, you should probably require IPSec
when talking to your Domain controllers.

Jeffrey Altman

--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos