UNIX GSS-API / Windows SSPI :
Jacques Lebastard
Jacques.Lebastard at evidian.com
Mon Sep 20 13:29:40 EDT 2004
Douglas E. Engert wrote:
>>> If your service is running on Unix, then you must make sure that
>>> you create a keytab containing entries for each of the keys that
>>> Windows can produce for the SPN. (RC4-HMAC, DES-CBC-MD5, DES-CBC-CRC).
>>> The DES enctypes will only be used if the account associated with
>>> the SPN is marked DES only.
>>
>> How can I check this and, second question, how can I generate a keytab
>> with RC4-HMAC encryption ? The ktpass tool does not accept the
>> RC4-HMAC crypto type:
>
> If you knew the password (or key) added to AD, you could try using ktutil,
> instead of ktpass.
> Use addent ... -e arcfour-hmac-md5
>
> Ktutil let me create a keytab, I don't know if is correct.
No such 'addent' command for ktutil running on Solaris 9 :-( :
--
Mr. Jacques LEBASTARD mailto:jacques.lebastard at evidian.com
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99
More information about the Kerberos
mailing list