Share via


Interoperability with RFC-1510 Kerberos implementations

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Interoperability with RFC-1510 Kerberos implementations

Kerberos V5 is designed for interoperability with other security services that are based on the RFC-1510 Kerberos reference implementation.

Windows Server 2003 family supports two types of Kerberos V5 interoperability:

  • A trust relationship can be established between a domain and an MIT-based Kerberos realm. This means that a client in a Kerberos realm can authenticate to an Active Directory directory service domain to access network resources in that domain.

  • Within a domain, UNIX clients and servers can have Active Directory accounts and therefore obtain authentication from a domain controller.

Kerberos V5 interoperates with other RFC-1510 implementations of the Kerberos protocol in the following ways:

  • A domain controller can provide authentication for client systems running implementations of RFC-1510 Kerberos, including clients running an operating system other than Windows XP Professional or Windows 2000.

  • Windows XP Professional systems can authenticate to a Kerberos V5 server within a realm, with single sign-on to both the server and a local Windows XP Professional account.

  • Client applications for Win32 and operating systems other than Windows XP Professional that are based on the General Security Service Application program Interface (GSS API) can obtain session tickets for services within a domain.

For more information, see the Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability on the Microsoft Web site and the Kerberos Network Authentication Service (V5).

Note