Hi, Is there a reference anywhere that outlines the different password salting methods used by different KDCs?
AFAICT AD w/ RC4 doesn't actually use a salt. Heimdal seems to just use the realm and principal name concatenated together without any separators. What does MIT do? What does Windows 2008 w/ AES use? Windows 2000? Do the salt values change depending on the enctype? I'm interested in knowing to what degree salts can be predicted given only the information a client preparing to issue an AS-REQ would have. Ultimately I'm trying to reduce ETYPE_INFO(2) discovery to improve performance and get rid of annoying Windows "preauthentication failed" event log errors. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
