string-to-key in Windows Server 2003

David Lawler Christiansen (NT) davidchr at
Fri Jun 27 16:02:36 EDT 2003

I haven't seen this problem before.  Very interesting.

Are you saying that the same keytab worked with win2k, but now doesn't
work with WS03?  If so, is anything else different about that

Can you kinit using the account's password (rather than using the key in
the keytab)?  If so, there might be some kind of corruption in the
keytab file-- regenerating the keytab may banish the problem.

This message is provided "AS IS" with no warranties, and confers no
This message may originate from an unmonitored alias ("davespam") for
spam-reduction purposes.  Use "davidchr" for individual replies.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer.
This message originates in the State of Washington (USA), where
unsolicited commercial email is legally actionable (see
Harvesting of this address for purposes of bulk email (including "spam")
is prohibited unless by my expressed prior request.  I retaliate
viciously against spammers and spam sites.

> -----Original Message-----
> From: kerberos-bounces at 
> [mailto:kerberos-bounces at] On Behalf Of Ben Cox
> Sent: Thursday, June 26, 2003 1:49 PM
> To: kerberos at
> Subject: string-to-key in Windows Server 2003
> We are attempting to authenticate against a Windows Server 2003 Active
> Directory Server and getting a preauthentication failure (preauth is
> enc-timestamp).  We're using a key that we generated from the password
> and stored into a keytab; this works against a Win2K AD server but not
> against a 2003 server.
> Did the string-to-key algorithm change in Win 2003?  (Or does it use a
> different mechanism for generating the salt?)
> Any info (or pointers to info) on this would be appreciated.
> -- Ben
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list