Incompatibility between krb's AES256-CTS-HMAC-SHA1-96 and Microsoft Windows Domain
Isaac Boukris
iboukris at gmail.com
Tue Oct 31 11:59:20 EDT 2017
On Tue, Oct 31, 2017 at 5:47 PM, Isaac Boukris <iboukris at gmail.com> wrote:
> On Tue, Oct 31, 2017 at 4:44 PM, Ido Shlomo <shloim at gmail.com> wrote:
>> Since this is an automated task, I cannot generate anything outside the
>> machine.
>> Is it possible to specify the salt using ktutil?
>
> You can try an AS request where the KDC tells the salt, like:
> # KRB5_TRACE=/dev/tty kinit principal
>
> btw, for user-account in AD the salt is the UPN attribute of the user.
Sorry, I misread the question, thought you were asking how to find the
actual salt.
I am not familiar with such option in ktutil, though according to the
source code the recent version of it does provide this option
(alternatively, you can use the same code that ktutil uses and specify
the salt).
Regards.
More information about the krbdev
mailing list