Summary of DES salt for 2000 & 2003
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 7 16:42:39 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- From the "I-hate-DES-keys-department":
Dave,
Here's what I've been able to confirm (no surprises):
The DES salt for machine accounts is always
"strlower(host/${cn}.${REALM}) + @${REALM}"
with the exception of Win2k DCs, when the salt
is the UPN attribute (if present).
I assuming but have not confirmed yet is that the UPN
behavior is based on the domain functional level. So that
a domain with Windows 2000 and 2003 DCs would have a
domain functional level of "Windows 2000" and therefore
honor the UPN attibute for salt.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEro7/IR7qMdg1EfYRAso0AJkBzfme+hdNaEAu5XV92McECFDhTwCg3RAl
Bx2yMXelLb6ZRf5gFyfeF9o=
=PHn3
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list