Problem writing keyblock to krb5.keytab w/keytab binary format.

Ken Raeburn raeburn at MIT.EDU
Wed Jul 15 15:16:40 EDT 2009

On Jul 15, 2009, at 12:36, kerberos at wrote:
> In my DES calls I:
>  - pad and convert the salt from string to unsigned long to byte[8].
>  - use the converted salt as the key and initialization vector.
>  - use a cipher mode of CBC.
>  - write password to crypto stream.
>  - return array of bytes that reflect my encrypted key.
>  - binary write keyblock to new.keytab.

This is not the mechanism Kerberos uses for generating a DES key from  
a password and salt.  Check RFC 3961, particularly section 6.2.

Ken Raeburn / raeburn at / no longer at MIT Kerberos Consortium

More information about the Kerberos mailing list