Filter
Top Products
Interoperability with Windows 2000
Special Considerations for Interoperability
Chapter 460
Special Considerations for Interoperability
You must consider the following issues related to interoperability with
Windows 2000 implementations.
Database Considerations
Your network can contain more than one server, but only one master
copy of the database is propagated to all secondary security servers. In a
Windows 2000 Kerberos implementation, an enterprise can contain more
than one domain controller, and each domain controller contains a
writable copy of the database. Therefore, the two Kerberos
implementations cannot share the same database.
You cannot propagate database entries between Kerberos servers and
Windows 2000 domain controllers. Do not attempt to set a Windows 2000
domain controller as a secondary security server to a Kerberos primary
security server, or vice versa.
Encryption Considerations
In the Kerberos authentication protocol, critical information is never
sent in clear text over the network. Instead, the information is encrypted
using a specified algorithm. Although the Kerberos server supports
3DES encryption, Windows 2000 requires DES encryption when it
interoperates with other Kerberos implementations. Thus, principals in
these realms that want to access resources in Windows 2000 domains
must use a DES key type.
Postdated Tickets
The Kerberos server and client supports postdated tickets, but the
Windows 2000 domain controller and client do not. If you use postdated
tickets to run batch procedures over time, be sure the procedure does not
need access to Windows 2000 services.