> * I have windows AD 2003 forest with 2-way trust to
> MIT realm.
> * Crossrealm setup has been configured.
> Question: From info available on the mit website,
> it appears the microsoft cache *has* to be
> copied to mit credential cache (leash
> Is this required? Can applications (eg: kerberized
> directly use microsoft credential cache?
Applications can be written to use the Microsoft Kerberos SSP.
If so, they don't use the MIT libraries at all.
If the application is written to use the MIT Kerberos libraries
then there are two choices. Leash can copy the credentials from
the MSLSA ccache into the MIT CCAPI cache or the user can choose
to use the MSLSA cache directly.