supplementalCredentials with aes keys?
Stefan (metze) Metzmacher
metze at samba.org
Mon Feb 19 12:12:21 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Luke Howard schrieb:
>> have you ever seen keys other than ENCTYPE_DES_CBC_CRC(1) and
>> ENCTYPE_DES_CBC_MD5(3) in the Primary:Kerberos blob?
>
> No, because those are the only types (apart from rc4-hmac, which
> is in unicodePwd) supported.
ok, thanks!
>
> Also when replicating non-DES keys to AD domain controllers using
> my understanding of the syntax (which may be wrong), it appeared
> that AD would have trouble parsing the attribute.
Hi Luke,
does your understanding differs much from what I have in
samba4/source/librpc/idl/drsblobs.idl as package_PrimaryKerberosBlob?
Have you tried (or could you try) to replciate a PrimaryKerberos blob
with a 3rd key to an windows server? Or just replicate one key
and see if windows likes this?
see samba4/source/dsdb/samdb/ldb_modules/password_hash.c
setup_primary_kerberos() after lp_parm_bool(-1, "password_hash",
"create_aes_key", false), how I would add a 3rd key.
metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFF2ZQlm70gjA5TCD8RAkD3AJ44wpQ2Aljc6jWy4ak105H7eN4IMQCgjzrk
uBRCdtFeRKNwq06ZuMq9cfE=
=C+qy
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list