[19826] in Kerberos_V5_Development
Re: Creating a keytab for an AD user
daemon@ATHENA.MIT.EDU (Idan Freiberg)
Sun Sep 23 15:37:54 2018
MIME-Version: 1.0
In-Reply-To: <79f0fd50-19d1-571e-6faf-1ba68b953f3e@mit.edu>
From: Idan Freiberg <speidy@gmail.com>
Date: Sun, 23 Sep 2018 22:37:27 +0300
Message-ID: <CAOWMy3mFQB86Vv8pNhYQbJMmviHmjQwzxH205Ef4HEFUV_BS+w@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: Maor Dadush <maordadush@gmail.com>,
Markus Moeller <huaraz@moeller.plus.com>, krbdev@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Microsoft’s utility called ‘ktpass’ and it fetches the salt from KDC.
בתאריך יום א׳, 23 בספט׳ 2018 ב-20:14 מאת Greg Hudson <ghudson@mit.edu>:
> On 09/23/2018 11:05 AM, Markus Moeller wrote:
> > Is that a known change (i.e. which AD attribute is used instead of
> the user id) and can ktutil addent get an option to set the salt ?
>
> I do not know if Active Directory changed. On the MIT krb5 side, we
> added a -salt option to ktutil addent in release 1.16. We also have an
> unfinished feature to fetch the salt from the KDC; I can't say if and
> when that work will be completed.
>
> There is also a popular third-party tool called msktutil which may be
> easier to use for this operation.
>
> In the future, please use kerberos@mit.edu for operational questions
> like this, not the development list.
> _______________________________________________
> krbdev mailing list krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
--
Idan Freiberg
GPG FP: 8108 7EC9 806E 4980 75F2 72B3 8AD3 2D04 337B 1F18
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev