Fatal编程技术网
  • active-directory/
  • Active directory Windows Server 2003-Ktpass-加密:枚举值“rc4 hmac”未知

Active directory Windows Server 2003-Ktpass-加密:枚举值“rc4 hmac”未知

active-directory single-sign-on

Active directory Windows Server 2003-Ktpass-加密:枚举值“rc4 hmac”未知,active-directory,single-sign-on,kerberos,windows-server-2003,ktpass,Active Directory,Single Sign On,Kerberos,Windows Server 2003,Ktpass,我正在尝试在Windows Server 2003上使用Ktpass创建一个键表 Ktpass -princ host/prueba-mail.ejemplo.org@EJEMPLO.ORG -mapuser host -pass password -crypto rc4-hmac -out UNIXhost.keytab 我得到以下错误: crypto: enum value 'rc4-hmac' is not known. Error: argument for option "crypt

我正在尝试在Windows Server 2003上使用Ktpass创建一个键表

Ktpass -princ host/prueba-mail.ejemplo.org@EJEMPLO.ORG -mapuser host -pass password -crypto rc4-hmac -out UNIXhost.keytab
我得到以下错误:

crypto: enum value 'rc4-hmac' is not known.
Error: argument for option "crypto" must be one of the following values:
DES-CBC-CRC : for compatibility
DES-CBC-MD5 : default
Command line options:

---------------------most useful args
[- /]          out : Keytab to produce
[- /]        princ : Principal name (user@REALM)
[- /]         pass : password to use
                     use "*" to prompt for password.
---------------------less useful stuff
[- /]      mapuser : map princ (above) to this user account (default: don't)
[- /]        mapOp : how to set the mapping attribute (default: add it)
[- /]        mapOp :  is one of:
[- /]        mapOp :        add : add value (default)
[- /]        mapOp :        set : set value
[- +]      DesOnly : Set account for des-only encryption (default:do)
[- /]           in : Keytab to read/digest
---------------------options for key generation
[- /]       crypto : Cryptosystem to use
[- /]       crypto :  is one of:
[- /]       crypto : DES-CBC-CRC : for compatibility
[- /]       crypto : DES-CBC-MD5 : default
[- /]        ptype : principal type in question
[- /]        ptype :  is one of:
[- /]        ptype : KRB5_NT_PRINCIPAL : The general ptype-- recommended
[- /]        ptype : KRB5_NT_SRV_INST : user service instance
[- /]        ptype : KRB5_NT_SRV_HST : host service instance
[- /]         kvno : Override Key Version Number
                     Default: query DC for kvno.  Use /kvno 1 for Win2K compat.
[- +]       Answer : +Answer answers YES to prompts.  -Answer answers NO.
[- /]       Target : Which DC to use.  Default:detect
我有两个问题:

1我打算在Centos 6上使用imap服务实现Windows用户的单点登录。虽然可以使用-crypto rc4,但hmac也可以为DES-CBC-CRC或DES-CBC-MD5?服务?。我相信Windows客户都有加密的票据rc4 hmac,这将不允许工作,我怀疑我的问题之一就在那里

2有几种方法允许Windows Server 2003您可以选择rc4 hmac

谢谢你的帮助。

试试看

/crypto RC4-HMAC-NT 


/crypto all