The MIT ktutil has an addent subcommand added in 1999-08-06 sometime prior to version 1.2.2. Heimdal implemented the add subcommand in March of 1998.
As you point out the Solaris 9 verison of ktutil does not have this. I don't think it has arcfour support in the libs either. We use MIT Kerberos on Solaris which does introperate will with Windows AD.
Jacques Lebastard wrote:
Douglas E. Engert wrote:
If your service is running on Unix, then you must make sure that you create a keytab containing entries for each of the keys that Windows can produce for the SPN. (RC4-HMAC, DES-CBC-MD5, DES-CBC-CRC). The DES enctypes will only be used if the account associated with the SPN is marked DES only.
How can I check this and, second question, how can I generate a keytab with RC4-HMAC encryption ? The ktpass tool does not accept the RC4-HMAC crypto type:
If you knew the password (or key) added to AD, you could try using ktutil,
instead of ktpass.
Use addent ... -e arcfour-hmac-md5
Ktutil let me create a keytab, I don't know if is correct.
No such 'addent' command for ktutil running on Solaris 9 :-( :
--
Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
