On Sat, 28 Oct 2006 14:40:26 +0530 "akshar kanak" <[EMAIL PROTECTED]> wrote:
> Dear Team > Is it possible to directly extract the service keys (secrect key > shared between KDC and target server) from windows 2003 Domain Controller or > Active directory for SPN cifs,smtpsvc,rpc, host etc and place them in > keytab files which can be merged with Linux keytab file instead of > adding new service to the AD using ktpass.exe. Not in a reasonable and reliable way no. There is a tool called ktexport but it has severe limitations (really meant for importing keytabs into the Wireshark packet sniffer). The Samba guys have "vampire" code that I think can do what you want but I don't know much about it. Also, note that SPNs are mapped to accounts and you really want the keys associated with accounts. So keytab entries for cifs and rpc would have the same key. Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
