Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: ktutil addent should be able to fetch etype-info2 for principal X-RT-Original-Encoding: iso-8859-1 Content-Length: 880 At the moment, ktutil addent requires you to specify the enctype and salt (if it's not the default), and it just can't work if there are s2kparams or a salt that can't be written as a C string on the command line. There should be an option to fetch the etype-info2 value for the principal from the KDC and use that. To do this we need a new library interface, probably an extension of the get_init_creds interfaces, to make an AS-REQ and extract the etype-info2 from either the AS-REP or PREAUTH_REQUIRED error response. (You also have to specify a kvno to ktutil addent. That information is available from the KDC if it issues a ticket and includes a kvno in the EncryptedData, but not if preauth is required for the principal or if the KDC just doesn't include a kvno when issuing a ticket. So I don't think it's worth the complexity of even trying to fetch it.)