[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows machine accounts and keytabs

To: cyrus@univ-paris4.fr
Subject: Re: Windows machine accounts and keytabs
From: Michael B Allen <miallen@ioplex.com>
Date: Mon, 14 Jan 2008 11:51:30 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <478B68E9.30204@univ-paris4.fr>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Organization: IOPLEX Software
References: <cfb54190712050123v180e3e46gfbe7c031b2a80d6d@mail.gmail.com><20071205104155.GA9773@boogie.lpds.sztaki.hu><cfb54190712050354q4d6d996eg99c11cee0461c227@mail.gmail.com><478B68E9.30204@univ-paris4.fr>
Reply-To: heimdal-discuss@sics.se, Michael B Allen <miallen@ioplex.com>

On Mon, 14 Jan 2008 14:51:37 +0100
cyrus@univ-paris4.fr wrote:

> Hello,
> 
> When configuring a Windows workstation to use a Heimdal KDC ( 
> http://www.pdc.kth.se/heimdal/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC 
> ), you issue the command ksetup /setmachpassword.
> I have two questions about this command :
> 
> 1) where is this "machine password" stored in the system( the windows 
> registry ? SAM ? ) ?

Somewhere you can't get to it.

> 2) is it possible to generate a host/hostname.example.com principal with 
> a random-key on the KDC, extract to a keytab, and import this keytab 
> into the workstation without having to enter a password ?

No. There's no way to import or export a keytab representing the machine
account of a Windows workstation.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

Follow-Ups:
- Re: Windows machine accounts and keytabs
  - From: Jeffrey Altman <jaltman@secure-endpoints.com>

References:
- Windows machine accounts and keytabs
  - From: cyrus@univ-paris4.fr

Prev by Date: Re: Fixes required to make test suite work (at least with hdb_ldap enabled)
Next by Date: Mixing heimdal and MIT clients.
Prev by thread: Windows machine accounts and keytabs
Next by thread: Re: Windows machine accounts and keytabs
Index(es):
- Date
- Thread