Syncning passwords from MIT Kerberos to Samba 3?

Steve Gaarder gaarder1 at
Thu Dec 8 09:30:23 MST 2011

In the process of figuring out how to import passwords from MIT Kerberos 
to Samba4's Heimdal, I learned that the arcfour-hmac-md5 kerberos key is 
the same as the Windows NT password hash.  So it would seem that I can 
just decrypt and extract that key and put it in the smbpassswd file or 
tdbsam database.  I tried it and it seems to work.  Of course, there is no 
valid LANMAN password, but that's not an issue since I don't have any old 
clients.  Are there any other gotchas?


Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA
gaarder at

More information about the samba-technical mailing list