On Wed, Jul 23, 2008 at 05:55:20PM -0700, Russ Allbery wrote: > Nicolas Williams <[EMAIL PROTECTED]> writes: > > On Wed, Jul 23, 2008 at 02:01:43PM -0400, Michael B Allen wrote: > > >> Extracting the keys from AD is not possible [1]. > > > Nor ist it possible to extract them from MIT krb5 KDCs. > > It is as of 1.6 using kadmin.local (not that this changes the rest of your > point).
Right, it doesn't -- running kadmin.local on the KDC with sufficient privilege qualifies as "privileged access to a KDC" :) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
