UNIX GSS-API / Windows SSPI :
Gmane
huaraz at moeller.plus.com
Thu Oct 21 20:02:21 EDT 2004
Sorry for the duplicate mails. My e-mail client hang and send it multiple
times
Markus
"Markus Moeller" <huaraz at moeller.plus.com> wrote in message
news:4178466D.1080605 at moeller.plus.com...
> Norbert Klasen wrote:
>>
>>
>> --On Freitag, 17. September 2004 20:35 +0000 Jeffrey Altman
>> <jaltman2 at nyc.rr.com> wrote:
>>
>>> Jacques Lebastard wrote:
>>>
>>>> How can I check this and, second question, how can I generate a keytab
>>>> with RC4-HMAC encryption ? The ktpass tool does not accept the RC4-HMAC
>>>> crypto type:
>>>>
>>>> [- /] crypto : Cryptosystem to use
>>>> [- /] crypto : is one of:
>>>> [- /] crypto : DES-CBC-CRC : for compatibility
>>>> [- /] crypto : DES-CBC-MD5 : default
>>>>
>>>> Trying '-crypto RC4-HMAC' indicates that the SPN is marked for DES only
>>>> ! How can I modify this ?
>>>>
>>>> Thanks for your help,
>>>
>>>
>>> You need to use the KTPASS.EXE from the SUPPORT folder of Windows 2003
>>> SP1 pre-release in order to generate a keytab with RC4-HMAC.
>>
>>
>> If you don't need a separate service account you can use Samba >= 3.0.6.
>> and join the host into your AD domain. With "use kerberos keytab = yes"
>> in smb.conf, Samba will populate your keytab with all known enc-types:
>> 2 des3-cbc-sha1 host/brittany.ad.local at AD.LOCAL
>> 2 des3-cbc-md5 host/linux.ad.local at AD.LOCAL
>> 2 arcfour-hmac-md5 host/linux.ad.local at AD.LOCAL
>> 2 des-cbc-md5 host/linux.ad.local at AD.LOCAL
>> 2 des-cbc-md4 host/linux.ad.local at AD.LOCAL
>> 2 des-cbc-crc host/linux.ad.local at AD.LOCAL
>> 2 des3-cbc-sha1 cifs/linux.ad.local at AD.LOCAL
>> [..]
>>
>> The keytab can be managed (e.g. add another principal) with "net ads
>> keytab".
>>
>> Norbert
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
> Have a look at http://sourceforge.net/projects/netjoin
>
> Markus
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list