KDC Interoperability
IETF RFC 1510 defines the mandatory interoperability requirements of a Kerberos V5 implementation. Although the DCE Security Server can be used as a DCE KDC for Kerberos V5 clients, the following restrictions still apply:
· Algorithms not supported by the DCE KDC are the following:
- DES-CBC-MD5 encryption
- CRC-32 checksum
- DES-MAC checksum
- DES-MAC-K checksum
- DES-MD5 checksum
· Interrealm communication, including transitive trust between a DCE cell and a Kerberos V5 realm, is not supported.
· Kerberos V5 does not support DCE third-party preauthentication. Therefore, a principal is unable to retrieve a TGT from a DCE KDC if the pre_auth_req ERA attached to a principal has a value of 2 (PA-ENC-THIRD-PARTY).
More: