ktexport - Export Kerberos Keys from Active Directory

Andrew Bartlett abartlet at samba.org
Wed May 3 01:14:31 EDT 2006


On Tue, 2006-05-02 at 21:27 -0400, Michael B Allen wrote:
> I have modified pwdump2 [1] to export a "standard" kerberos keytab
> file. This utility is called ktexport and you can download it here:
> 
>   http://www.ioplex.com/utilities/
> 
> README.ktexport is inlined below but I just want to stress that currently
> the key is the only data within each entry that is actually correct. The
> vno and so on are default values that are almost certainly wrong. However,
> it turns out that Ethereal doesn't care. So the generated sam.keytab
> can be used with Ethereal to decrypt Kerberos tickets. Yeah!

The other similar utility is samba4's 'net samdump keytab'.  This does
the same thing, for the same purpose, but remotely.  You must join the
domain as a BDC first (net join bdc <domain>).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20060503/3b61c468/attachment.bin


More information about the Kerberos mailing list