[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Deleting only some salt types

The application is a cross-realm trust with Windows AD, and I don't  
know that this is the problem, but. . .

Is there a way to delete specific salts within an encryption type?  I  
did a normal add for the krbtgt's with a password I can then type into  
Windows.  Then deleted all the encryption types except des-cbc-md5, and  
changed the kvno back to 1.

I still have two keys though, one with the normal pw-salt(), and  
another with an afs3 salt which I'm sure Windows hasn't a clue about.   
(Hmmm.  Should be both v4 and v5 salts as well as afs3?  Different  
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu