Thank you for your valuable time :)

On Tue, Oct 7, 2014 at 8:32 PM, Greg Hudson <ghud...@mit.edu> wrote:
> On 10/07/2014 08:43 AM, kannan rbk wrote:
>> Is there any way to get the password hash & salt from the kerberos server?
>
> The Kerberos protocol uses a very specific kind of "password hash" (the
> RFC 3961 string-to-key operation), which may not be importable into
> other applications. It might be importable into Active Directory since
> AD is itself a Kerberos implementation; I'm not certain.
>
> The MIT krb5 admin protocol doesn't allow long-term keys to be retrieved
> from the DB without changing them. But you can retrieve long-term keys
> using kadmin.local (using the "ktadd -norandkey" operation) or from a
> database dump.
>
> The salt can be retrieved in a variety of ways: from the etype-info2
> field of an AS reply, from a database dump, or in most cases just by
> computing the default salt from the principal name. The default salt
> for a principal name is the realm name followed by the principal
> components in order, e.g. "ATHENA.MIT.EDUghudson" for
> ghud...@athena.mit.edu.
--
Regards,
Bharathikannan R
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
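
Added example, not part of the original messages and not MIT krb5 code: the default-salt rule from the quoted reply (realm name followed by the principal components in order), written in Python. The function names `parse_principal` and `default_salt` are hypothetical, the sample principals are constructed, and escape handling is simplified to "a backslash makes the next character literal".

```python
def parse_principal(name, default_realm=None):
    """Split 'comp1/comp2@REALM' into ([components], realm).

    Unescaped '/' separates components; the first unescaped '@' starts
    the realm. Simplification (assumption): a backslash just makes the
    following character literal.
    """
    parts, buf, in_realm = [], [], False
    chars = iter(name)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("trailing backslash in principal name")
            buf.append(nxt)
        elif ch == "/" and not in_realm:
            parts.append("".join(buf))
            buf = []
        elif ch == "@":
            if in_realm:
                raise ValueError("more than one unescaped '@'")
            parts.append("".join(buf))
            buf = []
            in_realm = True
        else:
            buf.append(ch)
    if in_realm:
        realm = "".join(buf)
    else:
        parts.append("".join(buf))
        realm = default_realm
    if not realm:
        raise ValueError("principal has no realm and no default was given")
    return parts, realm


def default_salt(principal, default_realm=None):
    """Default salt: realm, then every component, with no separators."""
    parts, realm = parse_principal(principal, default_realm)
    return (realm + "".join(parts)).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample principals; realm names are case-sensitive.
    for p in ("ghudson@ATHENA.MIT.EDU", "host/www.example.com@EXAMPLE.COM"):
        print(p, "->", default_salt(p).decode())
```

The computed value is only the default; when the etype-info2 field of an AS reply carries a salt, that is the one the KDC actually uses for the principal.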