ktutil - problems generating AES keys (salt?)

Ben H bhendin at gmail.com
Sat Aug 2 02:19:21 EDT 2014


I expect this is probably a known issue, though I can't really find any
definitive source:

I am integrating with an AD domain.

If using RC4 encryption I am able to generate a keytab file using either
Windows' ktpass or ktutil on the Linux side (assuming the account's
password is known).
However when using AES, the keytab generated using ktutil appears to create
the wrong key.

My guess is that ktutil is using an improper salt (or none at all).
According to MS-KILE section 3.1.1.2, when creating a key for a computer
account, use the following salt:

----
Computer accounts: < DNS name of the realm, converted to upper case > |
"host" | < computer name, converted to lower case with trailing "$" stripped off >
| "." | < DNS name of the realm, converted to lower case >
----

The document is worded poorly as it can be interpreted that this salt is
used for all enctypes, but I believe that only AES is salted in this way
and based on my testing RC4 doesn't get salted.

This would explain why ktutil can properly generate a compatible RC4
key if no salt is required, but fails for the AES key.

I see no way to feed ktutil a salt when generating the key.

Is there another supported method to create keytabs using the Kerberos
tools while providing a salt?
I don't want to resort to Samba or something similar, and I'm not sure I even
can, since I actually need to support *only* AES within the AD domain
(i.e. no RC4).

I have a semi-workaround in that if I generate a key using ktpass I can
simply take the key (without having to transfer the entire keytab) and use:

addent -key -p principal -k kvno -e aes256-cts

and then provide the key generated on the Windows side... however this still
involves work done on the Windows system.

Can someone confirm whether my findings are accurate, and whether there is a
better solution?

I have found a tool called msktutil, which I have built, and it generates
keytabs properly, but I would prefer a method I know will exist with every krb5
distribution.

Thanks!
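To check what key a keytab should contain for a computer account, here is an added example (mine, not code from the original post or from MIT krb5) that builds the MS-KILE 3.1.1.2 salt quoted above and runs the RFC 3962 AES string-to-key over it. It assumes the Python `cryptography` package for the AES step; the function names and the sample realm, host name and password are my own.

```python
import hashlib

# 128-bit n-fold of the DK constant "kerberos" (RFC 3961, Appendix A.1).
NFOLD_KERBEROS_128 = bytes.fromhex("6b65726265726f737b9b5b2b93132b93")


def ad_computer_salt(realm: str, account: str) -> str:
    """MS-KILE 3.1.1.2 salt for a computer account (trailing "$" stripped)."""
    host = account.rstrip("$").lower()
    return realm.upper() + "host" + host + "." + realm.lower()


def ad_user_salt(realm: str, username: str) -> str:
    """MS-KILE 3.1.1.2 salt for a user account: upper-case realm + user name."""
    return realm.upper() + username


def _aes_ecb_block(key: bytes, block: bytes) -> bytes:
    # Only the final DK step needs AES; assumes the 'cryptography' package.
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def aes_string_to_key(password: str, salt: str, bits: int = 256, iterations: int = 4096) -> bytes:
    """RFC 3962 string-to-key: PBKDF2-HMAC-SHA1, then DK(tmp, "kerberos")."""
    if bits not in (128, 256):
        raise ValueError("AES enctypes use 128- or 256-bit keys")
    tmp = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                              salt.encode("utf-8"), iterations, bits // 8)
    # DR(tmp, "kerberos"): K1 = E(tmp, n-fold), K2 = E(tmp, K1), ... up to 'bits'.
    # One-block CBC-CTS with a zero IV (RFC 3962) is plain AES-ECB of that block.
    out, prev = b"", NFOLD_KERBEROS_128
    while len(out) * 8 < bits:
        prev = _aes_ecb_block(tmp, prev)
        out += prev
    return out[: bits // 8]


def computer_keytab_key(realm: str, account: str, password: str, bits: int = 256) -> bytes:
    """Key a keytab should hold for an AD computer account (aes*-cts-hmac-sha1-96)."""
    return aes_string_to_key(password, ad_computer_salt(realm, account), bits)


if __name__ == "__main__":
    # Constructed sample values; compare the hex with `klist -K -e -k FILE` (MIT).
    print(ad_computer_salt("example.com", "WEBSRV$"))
    print(computer_keytab_key("example.com", "WEBSRV$", "not-a-real-password").hex())
```

If the hex printed here differs from the aes256-cts entry that `klist -K -e -k` shows for the ktutil-built keytab, but matches the ktpass-built one, the salt is the difference.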
