UNIX GSS-API / Windows SSPI :

Gmane huaraz at moeller.plus.com
Thu Oct 21 20:02:21 EDT 2004 

Sorry for the duplicate mails. My e-mail client hang and send it multiple 
times

Markus
"Markus Moeller" <huaraz at moeller.plus.com> wrote in message 
news:4178466D.1080605 at moeller.plus.com...
> Norbert Klasen wrote:
>>
>>
>> --On Freitag, 17. September 2004 20:35 +0000 Jeffrey Altman 
>> <jaltman2 at nyc.rr.com> wrote:
>>
>>> Jacques Lebastard wrote:
>>>
>>>> How can I check this and, second question, how can I generate a keytab
>>>> with RC4-HMAC encryption ? The ktpass tool does not accept the RC4-HMAC
>>>> crypto type:
>>>>
>>>> [- /]       crypto : Cryptosystem to use
>>>> [- /]       crypto :  is one of:
>>>> [- /]       crypto : DES-CBC-CRC : for compatibility
>>>> [- /]       crypto : DES-CBC-MD5 : default
>>>>
>>>> Trying '-crypto RC4-HMAC' indicates that the SPN is marked for DES only
>>>> ! How can I modify this ?
>>>>
>>>> Thanks for your help,
>>>
>>>
>>> You need to use the KTPASS.EXE from the SUPPORT folder of Windows 2003
>>> SP1 pre-release in order to generate a keytab with RC4-HMAC.
>>
>>
>> If you don't need a separate service account you can use Samba >= 3.0.6. 
>> and join the host into your AD domain. With "use kerberos keytab = yes" 
>> in smb.conf, Samba will populate your keytab with all known enc-types:
>>  2  des3-cbc-sha1     host/brittany.ad.local at AD.LOCAL
>>  2  des3-cbc-md5      host/linux.ad.local at AD.LOCAL
>>  2  arcfour-hmac-md5  host/linux.ad.local at AD.LOCAL
>>  2  des-cbc-md5       host/linux.ad.local at AD.LOCAL
>>  2  des-cbc-md4       host/linux.ad.local at AD.LOCAL
>>  2  des-cbc-crc       host/linux.ad.local at AD.LOCAL
>>  2  des3-cbc-sha1     cifs/linux.ad.local at AD.LOCAL
>> [..]
>>
>> The keytab can be managed (e.g. add another principal) with "net ads 
>> keytab".
>>
>> Norbert
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
> Have a look at http://sourceforge.net/projects/netjoin
>
> Markus
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list