string-to-key in Windows Server 2003

Ben Cox cox-work at
Thu Jun 26 16:48:41 EDT 2003

We are attempting to authenticate against a Windows Server 2003 Active
Directory Server and getting a preauthentication failure (preauth is
enc-timestamp).  We're using a key that we generated from the password
and stored into a keytab; this works against a Win2K AD server but not
against a 2003 server.

Did the string-to-key algorithm change in Win 2003?  (Or does it use a
different mechanism for generating the salt?)

Any info (or pointers to info) on this would be appreciated.

-- Ben

More information about the Kerberos mailing list