AW: Proof of authenticity of TGT
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Aug 23 11:01:51 EDT 2006
Ken Raeburn wrote:
> But I'd be really surprised if a Windows KDC couldn't be convinced to
> add an arbitrary service principal somehow. (But since I don't play
> around with Windows KDCs much, I couldn't tell you how to do it
> without doing all the same Google searches that you'd expect to have
> to do.)
(1) Add an account
(2) Use "SETSPN" to set a service principal name on the account
(3) Use "KTPASS" to set the enctype preferences, generate a
strong random password, and generate a keytab file
Jeffrey Altman
More information about the Kerberos
mailing list