Michael B Allen wrote:
> On Mon, 14 Jan 2008 14:51:37 +0100
> firstname.lastname@example.org wrote:
>
>> Hello,
>>
>> When configuring a Windows workstation to use a Heimdal KDC (
>> http://www.pdc.kth.se/heimdal/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC
>> ), you issue the command ksetup /setmachpassword.
>> I have two questions about this command :
>>
>> 1) where is this "machine password" stored in the system( the windows
>> registry ? SAM ? ) ?
>
> Somewhere you can't get to it.

If only that were true. Open "regedit.exe" under the SYSTEM account.

>
>> 2) is it possible to generate a host/hostname.example.com principal with
>> a random-key on the KDC, extract to a keytab, and import this keytab
>> into the workstation without having to enter a password ?
>
> No. There's no way to import or export a keytab representing the machine
> account of a Windows workstation.

Windows workstations generate the key on the fly from the machine password which is stored on the machine in the registry. What you would require is a "generate a random password" function and then set that password on the Windows system.
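One way to do what the reply above describes, as an added example that is not part of the original message: generate a random machine password from the system CSPRNG and hand it to `ksetup /setmachpassword`. The function names `New-MachinePassword` and `Set-RandomMachinePassword` are hypothetical, and the script assumes PowerShell 3.0 or later in an elevated prompt.

```powershell
# Added example. Function names are hypothetical, not part of ksetup or Heimdal.

function New-MachinePassword {
    param([int]$Length = 32)

    # Alphanumeric only, so the value needs no command-line quoting.
    # 32 characters from a 62-symbol alphabet is roughly 190 bits.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

    # Rejection sampling: discard bytes >= 248 so that (byte % 62) is unbiased.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

function Set-RandomMachinePassword {
    $password = New-MachinePassword

    # ksetup takes the password as an argument, so it is briefly visible in the
    # process command line; run this where command-line auditing is protected.
    & ksetup.exe /setmachpassword $password
    if ($LASTEXITCODE -ne 0) {
        throw "ksetup /setmachpassword failed with exit code $LASTEXITCODE"
    }

    # The same value must be set for the host principal on the KDC
    # (host/hostname.example.com in the question above). Return it to the
    # caller rather than writing it to a log or transcript.
    $password
}
```

The returned password is the only copy outside the workstation, so it should reach the KDC administrator over a protected channel and be discarded once the host principal has been created with it.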