Summary of DES salt for 2000 & 2003
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 7 17:07:55 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 7 Jul 2006, Dave Daugherty wrote:
> To coerce Windows KDC...
> You either don't supply preauth data up front (at which time Windows
> will send back the salt along with a PREAUTH REQUIRED error - which can
> then be used to generate the preauth data, and is available to return to
> the application), or by supply enctype RC4-HMAC as the primary and DES
> variants as secondary encs. In this case, if the DES bit is set on the
> computer account, the Windows KDC will reject the RC4-HMAC preauth but
> will tell you the enctypes it supports along with the salt.
I agree this is the optiomal way but we have to deal with
preexisting krb5 libs. So I don't see a way around the current methods.
At least we don't have to guess so much anymore.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
More information about the samba-technical