Jacques Lebastard Jacques.Lebastard at evidian.com
Mon Sep 20 13:29:40 EDT 2004

Douglas E. Engert wrote:
>>> If your service is running on Unix, then you must make sure that
>>> you create a keytab containing entries for each of the keys that
>>> Windows can produce for the SPN.  (RC4-HMAC, DES-CBC-MD5, DES-CBC-CRC).
>>> The DES enctypes will only be used if the account associated with
>>> the SPN is marked DES only.
>> How can I check this and, second question, how can I generate a keytab 
>> with RC4-HMAC encryption ? The ktpass tool does not accept the 
>> RC4-HMAC crypto type:
> If you knew the password (or key) added to AD, you could try using ktutil,
> instead of ktpass.
> Use addent ... -e arcfour-hmac-md5
> Ktutil let me create a keytab, I don't know if is correct.

No such 'addent' command for ktutil running on Solaris 9 :-(  :

Mr. Jacques LEBASTARD            mailto:jacques.lebastard at evidian.com
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99

More information about the Kerberos mailing list