[19825] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Creating a keytab for an AD user

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Sep 23 13:14:06 2018

To: Markus Moeller <huaraz@moeller.plus.com>, krbdev@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <79f0fd50-19d1-571e-6faf-1ba68b953f3e@mit.edu>
Date: Sun, 23 Sep 2018 13:13:45 -0400
MIME-Version: 1.0
In-Reply-To: <D0B3DA50EAD64FC59AC7581EBA9CCC33@Ultrabook1>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 09/23/2018 11:05 AM, Markus Moeller wrote:
>    Is that a known change (i.e. which AD attribute is used instead of the user id)  and can ktutil addent get an option to set the salt ?

I do not know if Active Directory changed.  On the MIT krb5 side, we 
added a -salt option to ktutil addent in release 1.16.  We also have an 
unfinished feature to fetch the salt from the KDC; I can't say if and 
when that work will be completed.

There is also a popular third-party tool called msktutil which may be 
easier to use for this operation.

In the future, please use kerberos@mit.edu for operational questions 
like this, not the development list.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post