[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using active directory keys

To: d.love@dl.ac.uk
Subject: Re: using active directory keys
From: Luke Howard <lukeh@padl.com>
Date: Wed, 5 Jan 2005 23:28:21 +1100
Cc: heimdal-discuss@sics.se
Organization: PADL Software Pty Ltd
Reply-To: lukeh@padl.com
Sender: owner-heimdal-discuss@sics.se
Versions: dmail (bsd44) 2.6d/makemail 2.10


>Does anyone know if there's any possibility of extracting keys from an
>active directory and loading them into a Heimdal KDC (or even an MIT
>one)?  I couldn't find any relevant info from a web search.

It's not possible to extract the Kerberos keys directly without using
the proprietary Active Directory replication protocol.

However you can get the NT OWFs using a tool such as "pwdump2", which
can be imported as keys with type KEYTYPE_ARCFOUR.

-- Luke

--

Follow-Ups:
- Re: using active directory keys
  - From: Dave Love <d.love@dl.ac.uk>

Prev by Date: using active directory keys
Next by Date: Re: using active directory keys
Prev by thread: Re: using active directory keys
Next by thread: Re: using active directory keys
Index(es):
- Date
- Thread