[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why is the server using DES but not RC4?
The default with the newer ktpass is RC4, so there is no need to use the
desonly nor crypto flag at all, only maybe if you need to switch behaviour.
Markus
"Achim Grolms" <achim@grolmsnet.de> wrote in message
200706282103.40125.achim@grolmsnet.de">news:200706282103.40125.achim@grolmsnet.de...
> On Thursday 28 June 2007 20:44, Markus Moeller wrote:
>
>> You can change it with ADSIEdit or ktpass +DESONLY or ktpass -DESONLY
>
> That means the RC4-ktpass command in <http://www.grolmsnet.de/kerbtut/>
> needs a -DESONLY to make RC4 work?
>
> This way, for example?
>
> C:\>ktpass -princ HTTP/beren.grolmsnet.de@GROLMSNET.DE
> -mapuser kerbdummy1
> -crypto rc4-hmac-nt
> -ptype KRB5_NT_SRV_HST
> -DESONLY
> -pass longlongpassword -out c:\temp\berenkeytab
>
> Thank you,
> Achim
>