On Wed, 2005-01-05 at 21:59, Dave Love wrote:
> Does anyone know if there's any possibility of extracting keys from an
> active directory and loading them into a Heimdal KDC (or even an MIT
> one)? I couldn't find any relevant info from a web search.
>
> The scenario is Windows pass-through login trusting Heimdal for SSO,
> and wanting to avoid resetting passwords on Windows accounts.

Aside from the dump format route, you could also use the Samba migration
route (net rpc vampire) and the fact that Heimdal will read the Samba
passwords, when in LDAP.

Again, this is only the arcfour-hmac-md5 encryption type for now, but it
is a 128-bit hash.

https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

(The issue with this encryption type is lack of support in older
Kerberos libs, more than anything else).

I have code that extracts more than just these keys from AD, but I've
not yet fully parsed the structure I'm given.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net