Victor Sudakov <v...@mpeks.no-spam-here.tomsk.su> writes:
> Russ Allbery wrote:

>> You use a password. Enter the same password on both sides when creating
>> the key, and then be sure to remove any extraneous enctypes on the Heimdal
>> side that AD isn't configured to provide.

> Do you mean to say that the key derivation algorithm is the same in
> Heimdal and in MS AD? The same password will yield the same key
> anywhere, in any Kerberos implementation?

Of course. Otherwise, you couldn't authenticate with a password to a
Kerberos KDC provided by a different implementation.

> And BTW how do I figure out what enctypes AD is configured to provide?
> Is there anything like "kadmin get" for AD?

I don't know, personally, having not administered AD myself, but I know
that information is available from the AD admin interface. Current Windows
supports 256-bit AES, 128-bit AES, RC4, and DES (although DES I think is
disabled by default). Older Windows only supports RC4 and DES. I don't
believe any version of Windows has ever supported 3DES.

--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
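An added illustration of the point made in the reply above (not part of the original message and not code from Heimdal or AD): for the AES enctypes, RFC 3962 string-to-key starts with PBKDF2-HMAC-SHA1 over the password and salt, so any two implementations given the same password, salt, iteration count and enctype reach the same key. The sketch implements only that PBKDF2 stage (the final DK step is a fixed function of its output and is omitted) and assumes both sides use the RFC 4120 default salt; the realm names, password and helper names are constructed for the example.

```python
import hashlib

# Key sizes in bytes for the two AES enctypes mentioned in the reply.
KEY_BYTES = {"aes128-cts-hmac-sha1-96": 16, "aes256-cts-hmac-sha1-96": 32}
DEFAULT_ITERATIONS = 4096  # RFC 3962 default when no string-to-key parameters are given


def default_salt(realm: str, principal: str) -> bytes:
    """RFC 4120 default salt: realm, then the name components, with no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def pbkdf2_stage(password, realm, principal, enctype, iterations=DEFAULT_ITERATIONS):
    """First stage of RFC 3962 string-to-key; the DK step that follows is not implemented."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        password.encode("utf-8"),
        default_salt(realm, principal),
        iterations,
        KEY_BYTES[enctype],
    )


def compare_sides(a: dict, b: dict) -> list:
    """Names of the derivation inputs that differ between two KDC-side entries."""
    return [k for k in ("password", "realm", "principal", "enctype") if a[k] != b[k]]


# Constructed sample entries for a cross-realm trust principal (hypothetical realms).
heimdal = dict(password="constructed-trust-pw", realm="UNIX.EXAMPLE.ORG",
               principal="krbtgt/AD.EXAMPLE.ORG", enctype="aes256-cts-hmac-sha1-96")
ad_same = dict(heimdal)                            # same inputs entered on the other side
ad_typo = dict(heimdal, realm="unix.example.org")  # realm case differs, so the salt differs

if __name__ == "__main__":
    for label, other in (("same inputs", ad_same), ("realm case differs", ad_typo)):
        match = pbkdf2_stage(**heimdal) == pbkdf2_stage(**other)
        print(f"{label}: keys match={match}, differing inputs={compare_sides(heimdal, other)}")
```

The password alone does not fix the key: the salt and enctype take part too, which is why the same password typed on both sides only works when the principal and realm names are spelled identically.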