Search squid archive

Re: Re: Kerberos with AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 16, 2012 at 07:05:23AM +0100, Markus Moeller wrote:
> 
> BTW I would not recommend using ktpass and a user account.  ktpass uses DES 
> as a default which is not anymore supported by newer MS systems and 
> secondly user accounts in AD have usually (depending on your AD setting) a 
> password expiry which would make you keytab invalid.
> 

You can choose the encryption that ktpass uses:

ktpass -princ HTTP/proxy.domain.com@xxxxxxxxxx -mapuser proxyuser@xxxxxxxxxx -crypto rc4-hmac-nt -pass secret -ptype KRB5_NT_SRV_HST -out file.keytab

This works fine on Win 2008 R2 servers - no problems with Win 7 machines
authenticating.  What you say about using an user account is valid but
sometimes you are wedged if you want to use samba on the same machine.
For us regenerating the keytab is not onerous.

-- 
Brett Lymn
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux