Two places
I can think to look are:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp#heading6
and
http://web.mit.edu/kerberos/www/
Larry A. Duncan, MCSA/MCSE
Solutions Architect, CompTrends
Consulting
[EMAIL PROTECTED]
http://www.comptrends.com/
ph. 615.598.0241
DMOZ: Systems_Management/Installers
LAUNCHCast Radio: 1237556939
Columnist: myITForum.com
Author: Windows &
.NET Magazine
-----Original
Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Martin
Sent: Monday, December 30, 2002
12:59 PM
To: Active Directory Mailing List
Subject: [ActiveDir] Kerberos for
Trusts
This
may be beyond the scope of this list, but I figured I’d try. Microsoft
does not use Kerberos authentication between domains in different, trusted,
Forests (bad Microsoft!), it uses NTLM. I’ve heard that it is possible to
set up the KDC to act like a MIT Realm and use Kerberos as the authentication
for a trust between domains in different forests, but I can’t find any white
papers to back this up. Does anyone know if it is indeed possible to do
this, or is my information bad and I’m stuck using NTLM?
Brad
Martin
Go
Daddy Software
[EMAIL PROTECTED]
480.505.8800
ext. 250
