supplementalCredentials with aes keys?
Stefan (metze) Metzmacher
metze at samba.org
Mon Feb 19 12:12:21 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Luke Howard schrieb:
>> have you ever seen keys other than ENCTYPE_DES_CBC_CRC(1) and
>> ENCTYPE_DES_CBC_MD5(3) in the Primary:Kerberos blob?
> No, because those are the only types (apart from rc4-hmac, which
> is in unicodePwd) supported.
> Also when replicating non-DES keys to AD domain controllers using
> my understanding of the syntax (which may be wrong), it appeared
> that AD would have trouble parsing the attribute.
does your understanding differs much from what I have in
samba4/source/librpc/idl/drsblobs.idl as package_PrimaryKerberosBlob?
Have you tried (or could you try) to replciate a PrimaryKerberos blob
with a 3rd key to an windows server? Or just replicate one key
and see if windows likes this?
setup_primary_kerberos() after lp_parm_bool(-1, "password_hash",
"create_aes_key", false), how I would add a 3rd key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical