Windows 2000/2003 KDCs
swbell
kerygma2 at swbell.net
Thu Aug 5 11:48:25 EDT 2004
Before a Windows server is turned into a domain controller for the first
time, there will not be any DES password hashes stored that can be used by
Kerberos. Any user added, or having the administrator change their password
AFTER the domain controller promotion will be OK.
in article 88C8B14D74194F409F0E4AEC20DF2284134845 at MTLFS1.montreal.hcl.com,
"Pierre Goyette" at pierre at montreal.hcl.com wrote on 8/5/04 7:59 AM:
> Various articles mention that after you create a mapped user account in
> Windows 2000 or Server 2003 (for application servers), that you should
> change the password (I assume to the same one) once after running ktpass
> to ensure that the DES key gets created.
>
> I am trying to understand exactly what this does because I have never
> done this and everything works fine for me.
>
> Under what conditions should you do this?
>
> TIA
>
> Pierre
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list