Windows Server 2003 Security Infrastructures

As mentioned earlier in this chapter, Kerberos is an open standard that is implemented on different platforms. Because of this, Kerberos can be used as an SSO solution between Windows and other platforms.
Table 5.14 lists other Kerberos implementations and the platforms on which they are available.

| Kerberos Implementation | Platform |
|---|---|
| MIT Kerberos v1.1 | NetBSD |
| CyberSafe TrustBroker | UNIX, MVS, Windows 95, NT4 |
| Sun SEAM | Solaris |
| DCE Kerberos (IBM) | AIX, OS/390 |
| Computer Associates Kerberos [Platinum (OpenVision)] | Windows 95, 3.1, 3.11 |
| Kerberos PAM | Linux, HP-UX |
| Heimdal | UNIX |

Before going into the details of the interoperability scenarios, it is interesting to look at what makes Windows 2000 and Windows Server 2003 Kerberos different from the other implementations. The Microsoft implementation of Kerberos is different in the following ways:

- It is tightly integrated with the Windows 2000 and Windows Server 2003 OS kernel: every Windows 2000 and Windows Server 2003 system runs the Kerberos Security Support Provider (SSP) and every DC has a KDC service.
- Kerberos principals locate the KDC using DNS. Windows 2000 and Windows Server 2003 DNS includes special SRV records that provide the location of a Kerberos KDC.
- MS implemented the RC4-HMAC encryption algorithm (56/128-bit keys) as the preferred Kerberos encryption type. MS still supports DES-CBC-CRC and DES-CBC-MD5 (56-bit keys) for interoperability reasons. See Section 5.4.3 for more information about this.
- The MS implementation does not support the MD4...
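
The DNS-based KDC lookup described in the list above, as an added example that is not from the book or from Microsoft: it orders SRV answers the way a client would (RFC 2782 priority and weight) and flags records an administrator should review in a mixed Windows/UNIX realm. The `_kerberos._tcp.<realm>` owner name and port 88 are the standard Kerberos conventions; the `example.com` hosts are constructed sample data and the function names are hypothetical.

```python
import random
from collections import defaultdict

# Constructed sample: SRV answers for _kerberos._tcp.example.com (not real hosts).
SAMPLE = """\
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 50 88 dc2.example.com.
_kerberos._tcp.example.com. 600 IN SRV 10 100 88 kdc.unix.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 8888 dc9.example.net.
"""

def parse_srv(text):
    """Parse zone-file style SRV lines: owner ttl class SRV prio weight port target."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[3].upper() == "SRV":
            records.append({"priority": int(f[4]), "weight": int(f[5]),
                            "port": int(f[6]), "target": f[7].rstrip(".").lower()})
    return records

def order_kdcs(records, rng=None):
    """RFC 2782 order: lowest priority first, weighted random within one priority."""
    rng = rng or random.Random()
    groups = defaultdict(list)
    for r in records:
        groups[r["priority"]].append(r)
    ordered = []
    for prio in sorted(groups):
        pool = list(groups[prio])
        while pool:
            # Simplification: weight 0 is treated as 1 so it keeps a small chance.
            pick = rng.choices(pool, weights=[r["weight"] or 1 for r in pool])[0]
            pool.remove(pick)
            ordered.append(pick)
    return ordered

def audit(records, dns_suffix, port=88):
    """Flag KDC targets outside the expected DNS suffix or on an unexpected port."""
    findings = []
    for r in records:
        if not r["target"].endswith("." + dns_suffix):
            findings.append((r["target"], "target outside expected DNS suffix"))
        if r["port"] != port:
            findings.append((r["target"], "non-standard KDC port %d" % r["port"]))
    return findings

if __name__ == "__main__":
    print(audit(parse_srv(SAMPLE), "example.com"))
```

Because clients trust whatever KDC the SRV answer names, reviewing these records is a useful check wherever a realm spans both Windows DNS and another platform's name servers.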