Creating an MIT style keytab for an existing Windows AD member computer
Nicolas Williams
Nicolas.Williams at sun.com
Wed Jul 23 21:40:46 EDT 2008
On Wed, Jul 23, 2008 at 05:55:20PM -0700, Russ Allbery wrote:
> Nicolas Williams <Nicolas.Williams at sun.com> writes:
> > On Wed, Jul 23, 2008 at 02:01:43PM -0400, Michael B Allen wrote:
>
> >> Extracting the keys from AD is not possible [1].
>
> > Nor ist it possible to extract them from MIT krb5 KDCs.
>
> It is as of 1.6 using kadmin.local (not that this changes the rest of your
> point).
Right, it doesn't -- running kadmin.local on the KDC with sufficient
privilege qualifies as "privileged access to a KDC" :)
More information about the Kerberos
mailing list