Norbert Klasen wrote:
--On Freitag, 17. September 2004 20:35 +0000 Jeffrey Altman
<[EMAIL PROTECTED]> wrote:
Jacques Lebastard wrote:
How can I check this and, second question, how can I generate a keytab
with RC4-HMAC encryption ? The ktpass tool does not accept the RC4-HMAC
crypto type:
[- /] crypto : Cryptosystem to use
[- /] crypto : is one of:
[- /] crypto : DES-CBC-CRC : for compatibility
[- /] crypto : DES-CBC-MD5 : default
Trying '-crypto RC4-HMAC' indicates that the SPN is marked for DES only
! How can I modify this ?
Thanks for your help,
You need to use the KTPASS.EXE from the SUPPORT folder of Windows 2003
SP1 pre-release in order to generate a keytab with RC4-HMAC.
If you don't need a separate service account you can use Samba >= 3.0.6.
and join the host into your AD domain. With "use kerberos keytab = yes"
in smb.conf, Samba will populate your keytab with all known enc-types:
2 des3-cbc-sha1 host/[EMAIL PROTECTED]
2 des3-cbc-md5 host/[EMAIL PROTECTED]
2 arcfour-hmac-md5 host/[EMAIL PROTECTED]
2 des-cbc-md5 host/[EMAIL PROTECTED]
2 des-cbc-md4 host/[EMAIL PROTECTED]
2 des-cbc-crc host/[EMAIL PROTECTED]
2 des3-cbc-sha1 cifs/[EMAIL PROTECTED]
[..]
The keytab can be managed (e.g. add another principal) with "net ads
keytab".
Norbert
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
Have a look at http://sourceforge.net/projects/netjoin
Markus
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
