string-to-key in Windows Server 2003

Kevin Coffman kwc at
Thu Jun 26 17:03:53 EDT 2003

Most errors of this type (works against W2K, but not W2K3), that I have
heard of, had to do with the 2003 server trying to switch to TCP because the
packet has become too big.  It seems that either they are putting more in
the PAC, or W2K3 tries to switch earlier than W2K did.


-----Original Message-----
From: kerberos-bounces at [mailto:kerberos-bounces at] On Behalf
Of Ben Cox
Sent: Thursday, June 26, 2003 4:49 PM
To: kerberos at
Subject: string-to-key in Windows Server 2003

We are attempting to authenticate against a Windows Server 2003 Active
Directory Server and getting a preauthentication failure (preauth is
enc-timestamp).  We're using a key that we generated from the password
and stored into a keytab; this works against a Win2K AD server but not
against a 2003 server.

Did the string-to-key algorithm change in Win 2003?  (Or does it use a
different mechanism for generating the salt?)

Any info (or pointers to info) on this would be appreciated.

-- Ben

Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list