I have been doing some kerberos testing using a W2K KDC and also a .NET KDC. I am seeing some differences when it comes to how these two "salt" the password for key generation using DES-CBC-MD5 encryption. The W2K seems to pickup whatever is in the userPrincipalName field in AD and use that as salt, while .NET ignores the userPrincipalName and uses the host name (host/compname@REALM) instead.
Anyone has an idea what is going on here? Are there any documentation on what the KDC should use as salt? Thank you, Greg ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
