[cifs-protocol] salt used for various principal types

Sebastian Canevari Sebastian.Canevari at microsoft.com
Mon Sep 21 15:30:13 MDT 2009

Thanks Andrew,

I'll take care of this and will keep you updated!

Thanks and regards,


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Monday, September 21, 2009 2:47 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: [cifs-protocol] salt used for various principal types

I can't find any reference in either MS-ADTS or MS-KILE regarding the salt used for for the different types of principals in the kerberos protocol.  (A salt is used as a confounded in string2key operations in

I know there are different salt calculations for users and computers, and presumably again for interdomain trust accounts. See:

I asked about this in respect to domain trusts in August 2008, and received an informative reply, but I can't find the algorithm for user/machine accounts written down.  


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list