With the introduction of Windows 2003 SP1 it is now possible to use RC4 encryption for Kerberos exchanges between MIT V5 Realms and Active Directory as opposed, now considered to be week, DES protocol. Despite the fact that there a several good resource on the web that provide sufficient information on how to in principal establish trust between AD and MIT V5 Kerberos Realm, most of them were written prior to Windows 2003 SP1 and do not provide information on how to utilize RC4. This walk-through attempts to bridge this gap and provide some specifics as to how to configure the trust to use RC4 encryption. ...

If you ever tried to configure a trust relationship between MIT V5 Realm and AD, I am sure you probably ran into some initial configuration issues and had to look into the krb5kdc.log file to figure out what the issue was. Basically a very typical issue to run into is the fact that AD and MIT Realm could not agree on mutual encryption types and krb5kdc is a good place to find out about this. ...

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm I finally found a very good practical example of demonstrating...