Kerberos

  • Thread starter Thread starter Aza
  • Start date Start date
A

Aza

Is it possible for me to allow only Kerberos
authentication for the clients? In other words, no pre
2000 clients can connect to the 2000 domain. TIA
 
That is not possible for normal network access. You could however implement ipsec
"require" policies on a domain computer and only domain/forest computers that are
ipsec aware and are able to negotiate ipsec with those computers could gain access
since by default ipsec uses kerberos for computer authentication. Keep in mind
however that domain computers can not negotiate ipsec communications with domain
controllers which must be exempt from any such ipsec policy by their static IP
addresses. The links below give more information on ipsec. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://support.microsoft.com/?kbid=254949
 
Back
Top