AW: Proof of authenticity of TGT

Jeffrey Altman jaltman2 at
Wed Aug 23 11:01:51 EDT 2006

Ken Raeburn wrote:

> But I'd be really surprised if a Windows KDC couldn't be convinced to  
> add an arbitrary service principal somehow.  (But since I don't play  
> around with Windows KDCs much, I couldn't tell you how to do it  
> without doing all the same Google searches that you'd expect to have  
> to do.)

(1) Add an account

(2) Use "SETSPN" to set a service principal name on the account

(3) Use "KTPASS" to set the enctype preferences, generate a
    strong random password, and generate a keytab file

Jeffrey Altman

More information about the Kerberos mailing list