Reminder about Samba4's secrets.keytab
Andrew Bartlett
abartlet at samba.org
Wed Dec 21 22:32:12 GMT 2005
On Wed, 2005-12-21 at 23:14 +0100, Guenther Deschner wrote:
> Hi Andrew,
>
> On Thu, Dec 22, 2005 at 06:11:27AM +1100, Andrew Bartlett wrote:
> > Just a quick note to Samba4 developers, who are trying to chase down
> > issues with ethereal.
> >
> > Ethereal supports decrypting kerberos data with a keytab (Preferences ->
> > Protocols -> KRB5 -> Try to decrypt Kerberos blobs).
> >
> > You may point it at the 'secrets.keytab' in the Samba4 private
> > directory, which automatically contains the krbtgt and Samba server
> > keys.
> >
> > For windows domains, I'm intending to write a 'net samdump keytab'
> > utility, to directly dump the remote windows realm keys into a keytab.
>
> what makes you think that this is a samba4 only matter?
Only that it is setup that way out of the box (and we don't yet have the
commands for manually pushing into a keytab).
> When Samba3 uses a
> keytab (typically /etc/krb5.keytab), I use the same mechanism to read
> packets in ethereal, are you planning to port the "net samdump keytab" to
> samba3 as well? Otherwise I'd like to do that.
I wasn't planning to port this to Samba3, so feel free. The callback
function stuff I put into the Samba4 samdump code made this particularly
easy: Perhaps it's time to put a callback in the Samba3 code?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051222/29038f63/attachment.bin
More information about the samba-technical
mailing list