Creating an MIT style keytab for an existing Windows AD member computer

Nicolas Williams Nicolas.Williams at
Wed Jul 23 21:40:46 EDT 2008

On Wed, Jul 23, 2008 at 05:55:20PM -0700, Russ Allbery wrote:
> Nicolas Williams <Nicolas.Williams at> writes:
> > On Wed, Jul 23, 2008 at 02:01:43PM -0400, Michael B Allen wrote:
> >> Extracting the keys from AD is not possible [1].
> > Nor ist it possible to extract them from MIT krb5 KDCs.
> It is as of 1.6 using kadmin.local (not that this changes the rest of your
> point).

Right, it doesn't -- running kadmin.local on the KDC with sufficient
privilege qualifies as "privileged access to a KDC" :)

More information about the Kerberos mailing list