[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows machine accounts and keytabs

To: heimdal-discuss@sics.se, Michael B Allen <miallen@ioplex.com>
Subject: Re: Windows machine accounts and keytabs
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Mon, 14 Jan 2008 21:14:40 -0500
CC: cyrus@univ-paris4.fr
DKIM-Signature: v=1; a=rsa-sha256; c=simple;d=secure-endpoints.com; s=MDaemon; t=1200363284; x=1200968084;q=dns/txt; h=DomainKey-Signature:Received:Message-ID:Date:From:Organization:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:OpenPGP:Content-Type:Reply-To; bh=75+CCfWEhMc+oSaBaAnXSanjyhq6ptTHZnNM49U7Yok=; b=Swd/ek+NF+/ARrj9bM3Ie6X0S5COmZZjerzd9GaAEOwEXchyXhV2ApYqBEx8WdmEVI4AxKzV3lvIOFuHLyijKMXOgut2XuARg5WrTsMYYg4hUjNCN/7IQPThbtBroK01JMXCU81XE/39vX0A6K9szu6Rfmjma2an2GI8DrTK/Hs=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=secure-endpoints.com;c=simple; q=dns; h=message-id:from;b=al8Zxs5H2WnjzW8nEybgZlEpMjrzbhwsmA+einlWeQGuiBEGYJLRZ3/YnYCd0Uf7hBfHtluOiFOmdDBjMklgemmIBc9I4AT/tFKxOkQgrjx//1YACXN15StbGVjTvfDji0AYNA7YHpL0d4+Jqag65z4KQ5JV23ogf4lxeGdA3L8=;
In-Reply-To: <20080114115130.fcc9a40c.miallen@ioplex.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
OpenPGP: url=http://pgp.mit.edu
Organization: Secure Endpoints Inc.
References: <cfb54190712050123v180e3e46gfbe7c031b2a80d6d@mail.gmail.com> <20071205104155.GA9773@boogie.lpds.sztaki.hu> <cfb54190712050354q4d6d996eg99c11cee0461c227@mail.gmail.com> <478B68E9.30204@univ-paris4.fr> <20080114115130.fcc9a40c.miallen@ioplex.com>
Reply-To: heimdal-discuss@sics.se, Jeffrey Altman <jaltman@secure-endpoints.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)

Michael B Allen wrote:
> On Mon, 14 Jan 2008 14:51:37 +0100
> cyrus@univ-paris4.fr wrote:
>
>> Hello,
>>
>> When configuring a Windows workstation to use a Heimdal KDC ( 
>> http://www.pdc.kth.se/heimdal/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC 
>> ), you issue the command ksetup /setmachpassword.
>> I have two questions about this command :
>>
>> 1) where is this "machine password" stored in the system( the windows 
>> registry ? SAM ? ) ?
>
> Somewhere you can't get to it.
If only that were true.  Open "regedit.exe" under the SYSTEM account.
>
>> 2) is it possible to generate a host/hostname.example.com principal with 
>> a random-key on the KDC, extract to a keytab, and import this keytab 
>> into the workstation without having to enter a password ?
>
> No. There's no way to import or export a keytab representing the machine
> account of a Windows workstation.
Windows workstations generate the key on the fly from the machine 
password which is stored on the machine in the registry.   What you 
would require is a "generate a random password" function and then set 
that password on the Windows system.

S/MIME Cryptographic Signature

Follow-Ups:
- Re: Windows machine accounts and keytabs
  - From: Michael B Allen <miallen@ioplex.com>

References:
- Windows machine accounts and keytabs
  - From: cyrus@univ-paris4.fr
- Re: Windows machine accounts and keytabs
  - From: Michael B Allen <miallen@ioplex.com>

Prev by Date: Re: heimdal 1.0.2RC6
Next by Date: Re: Windows machine accounts and keytabs
Prev by thread: Re: Windows machine accounts and keytabs
Next by thread: Re: Windows machine accounts and keytabs
Index(es):
- Date
- Thread