How to obtain Service_key in the course of kerberos authentication?

杨昌玉 ycy360 at
Mon Nov 18 06:11:09 MST 2013

Dear Everybody:
     I sent a message "How to get Service_key and the corresponding function call interface from the Samba source TGS_REPpart"last week, this time, I continue to do a supplementary of background and problems, thank you for your answer, very grateful!

1, Built environment
    1) Exchange server:
       The operator system of Exchange server is Windows Server2008R2, We configured it as Active Directory (primary domain controller) used for client authentication (Kerberos);and configured it for Exchange mail server.
    2) Exchange client:
      The operator system of Exchange client is WindowsXP or Windows7,  We configured it as Exchange client for sending and receiving messages.

2, The function I want to achieve 
    Now I want to use RedHat5.5 (installed with  Samba4.0.0) to realize the proxy of Exchange(I called it Exchange Proxy below), That is, the Exchange Proxy need to have the functional of DC(domain controller) and KDC(Key Distribute Center).
    Referances the information of, I have configured the RedHat5.5 as AD DC. 
    A large number of the found data show that, in the course of kerberos authentication, if we get the Service_key, which produce in the TGS_REP messages during the stage of  the Exchange Server reponse the message to the client, Our Exhange Proxy will be able to achieve  authentication and communication between Client_side  and Server-side.

    We Already know that  we have administrator privileges.

3, The ultimate goal
    How to get Service_key  through mentioned above through Samba source?

4, Urgent problem to be solved
   In the process of realization the Exchange Proxy, I encounter the following very difficult problem.
    1) In the Samba source code, is there any tool can get to the Service_key?
    2) In the Samba source code, is there any relevant interface Synchronous the authentication key information  between Windows2008R2 and Redhat5.5?
     On the above description of the problems, I want to hear your ideas, opinions and suggestions.
     Any help would be appreciated sincerely.
     Best wishes. 

                                                                                                                                     Yours sincerely, 
                                                                                                                                      Changyu Yang
                                                                                                                                Dalian University Of China

More information about the samba-technical mailing list