[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows machine accounts and keytabs

On Mon, 14 Jan 2008 14:51:37 +0100
cyrus@univ-paris4.fr wrote:

> Hello,
> When configuring a Windows workstation to use a Heimdal KDC ( 
> http://www.pdc.kth.se/heimdal/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC 
> ), you issue the command ksetup /setmachpassword.
> I have two questions about this command :
> 1) where is this "machine password" stored in the system( the windows 
> registry ? SAM ? ) ?

Somewhere you can't get to it.

> 2) is it possible to generate a host/hostname.example.com principal with 
> a random-key on the KDC, extract to a keytab, and import this keytab 
> into the workstation without having to enter a password ?

No. There's no way to import or export a keytab representing the machine
account of a Windows workstation.


Michael B Allen
PHP Active Directory SPNEGO SSO