Achim Grolms wrote:
> On Wednesday 22 March 2006 18:19, Tim Alsop wrote: > > >>Alternatively, you can use one of the many tools available that replace >>the need for ktpass, and use computer accounts for key storage. These >>tools do not suffer from the same issues as ktpass. > > > What are that tools? > Can you send searchkeywords or pointers so I can find and use them? Google for msktutil which will get you to http://www.pppl.gov/~dperry/mskturil-0.3.16.tar.gz We are using this. Goolge for netjoin This is an update of the MS netjoin. Samba has some tools, but adds too many principal in many cases. Something else that can be very helpfull is to use the Windows mmc with the ADSI edit to lok at the registry. You can look at the account that was created, and look at the KVNO as the ms-DS-KeyVersionNumber. Other interesting fields are the userPrincipalName, and servicePrincipalName. Keep in mind that the Windows has a single password that is used to generate the keys on the fly for each of the principals (userPrincipalName and servicePrincipalName) asociated with the account. Kerberos uses a seperate key for each principal created when the kettrab is created. So if you change the password on the account, you have to change the keys in the keytab at the same time for all the principal assiciated with that account. Msktutil tries to do this for your. > > Thank you, > Achim > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
