RE: keytab file format - exporting arcfour keys from active directory - Kerberos

This is a discussion on RE: keytab file format - exporting arcfour keys from active directory - Kerberos ; Regarding : /* * * keytab format: * * head: * 0 1 5 * 1 1 VNO 1 or 2 * per entry: * 0 4 len (excludes len) * 4 2 count of princ components (pc) * 6 ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: keytab file format - exporting arcfour keys from active directory

  1. RE: keytab file format - exporting arcfour keys from active directory

    Regarding :

    /*
    *
    * keytab format:
    *
    * head:
    * 0 1 5
    * 1 1 VNO 1 or 2
    * per entry:
    * 0 4 len (excludes len)
    * 4 2 count of princ components (pc)
    * 6 2 length realm (rl)
    * 8 rl realm
    * REP *pc {
    * 0 2 length nl
    * 2 nl name-component
    * }
    * IF new? {
    * xxx 4 name-type
    * }
    * xxx 4 timestamp
    * xxx 1 vno
    * {
    * 0 2 keytype
    * 2 2 keylen
    * 4 keylen keydata
    * }
    * POSSIBLE if length left {
    * xxx 4 vno
    * }
    */

    Is the "keytype" actually the key type, or is it the etype ? I ask this
    because I have seen key tables created by various products that have the
    etype stored in this field.

    Thanks,
    Tim

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: keytab file format - exporting arcfour keys from active directory

    On Mon, 1 May 2006 22:32:44 +0100
    "Tim Alsop" wrote:

    > * 0 2 keytype
    > * 2 2 keylen
    > * 4 keylen keydata
    > * }
    > * POSSIBLE if length left {
    > * xxx 4 vno
    > * }
    > */
    >
    > Is the "keytype" actually the key type, or is it the etype ? I ask this
    > because I have seen key tables created by various products that have the
    > etype stored in this field.


    Keytype. At least the values I'm seeing correspond to the values seen
    in ktutil list (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, 16 is
    des3-cbc-sha1, etc).

    Mike
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread