[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preauthentication failed



As I said in a previous mail DES might have a problem with salt values which 
don't exist when using RC4. Also RC4 is a stringer encryption and should be 
prefered over DES.  The new ktpass have a -crypto : RC4-HMAC-NT option which 
is the default.

Regards
Markus

ktpass /?
Command line options:

---------------------most useful args
[- /]          out : Keytab to produce
[- /]        princ : Principal name (user@REALM)
[- /]         pass : password to use
                     use "*" to prompt for password.
[- +]      rndPass : ... or use +rndPass to generate a random password
[- /]      minPass : minimum length for random password (def:15)
[- /]      maxPass : maximum length for random password (def:256)
---------------------less useful stuff
[- /]      mapuser : map princ (above) to this user account (default: don't)
[- /]        mapOp : how to set the mapping attribute (default: add it)
[- /]        mapOp :  is one of:
[- /]        mapOp :        add : add value (default)
[- /]        mapOp :        set : set value
[- +]      DesOnly : Set account for des-only encryption (default:don't)
[- /]           in : Keytab to read/digest
---------------------options for key generation
[- /]       crypto : Cryptosystem to use
[- /]       crypto :  is one of:
[- /]       crypto : DES-CBC-CRC : for compatibility
[- /]       crypto : DES-CBC-MD5 : for compatibliity
[- /]       crypto : RC4-HMAC-NT : default 128-bit encryption
[- /]        ptype : principal type in question
[- /]        ptype :  is one of:
[- /]        ptype : KRB5_NT_PRINCIPAL : The general ptype-- recommended
[- /]        ptype : KRB5_NT_SRV_INST : user service instance
[- /]        ptype : KRB5_NT_SRV_HST : host service instance
[- /]         kvno : Override Key Version Number
                     Default: query DC for kvno.  Use /kvno 1 for Win2K 
compat.
[- +]       Answer : +Answer answers YES to prompts.  -Answer answers NO.
[- /]       Target : Which DC to use.  Default:detect
---------------------options for trust attributes (Windows Server 2003 Sp1 
Only
[- /] MitRealmName : MIT Realm which we want to enable RC4 trust on.
[- /]  TrustEncryp : Trust Encryption to use; DES is default
[- /]  TrustEncryp :  is one of:
[- /]  TrustEncryp :        RC4 : RC4 Realm Trusts (default)
[- /]  TrustEncryp :        DES : go back to DES


"Florian Erfurth" <floh-erfurth@arcor.de> wrote in message 
f2v5cs$apf$2@sea.gmane.org">news:f2v5cs$apf$2@sea.gmane.org...
> Hi Markus
>
> Markus Moeller wrote:
>
>> Have you tried to create a keytab with rc4 ? There isn't anymore a need 
>> to
>> use DES
> Umm... no. How do I that? Is that the cause of the preauthentication
> failure?
>
>> Markus
> Thank you!
> cu Floh
>
>