[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using active directory keys

>Does anyone know if there's any possibility of extracting keys from an
>active directory and loading them into a Heimdal KDC (or even an MIT
>one)?  I couldn't find any relevant info from a web search.

It's not possible to extract the Kerberos keys directly without using
the proprietary Active Directory replication protocol.

However you can get the NT OWFs using a tool such as "pwdump2", which
can be imported as keys with type KEYTYPE_ARCFOUR.

-- Luke