[cifs-protocol] 600634 - RE: salt used for various principal types

Richard Guthrie rguthrie at microsoft.com
Tue Aug 5 16:27:12 GMT 2008


I will be working with you to resolve this issue.  I will conduct my research and get back with you shortly.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, August 04, 2008 9:19 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: salt used for various principal types

I can't find any reference in either MS-ADTS or MS-KILE regarding the salt used for for the different types of principals in the kerberos protocol.  (A salt is used as a confounded in string2key operations in

I know there are different salt calculations for users and computers, and presumably again for interdomain trust accounts. See:

In particular, as I am working on interdomain trusts, and so in addition to the information at that URL, I need to know if there is a different salt used on the domain$ principal as compared to the krbtgt/my.realm at other.realm principal?


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list