Re: extracting keytabs(ext works fine but...)

What you did is what I do. I don't see another way to do it.

One tip, however, is to combine both the host and service key extraction
in one command.

ext --keytab=/tmp/gwenever.keytab host/gwenever ldap/gwenever

On Mon, 2005-07-11 at 05:08, jay alvarez wrote:
> Hi,
>   I haven't encountered this scenario before where I
> needed to add additional keytabs for other services
> that will run on a single host (not on the same host
> that kadmin (kdc) is running). If the keytabs will all
> reside in the localhost where kadmin is running(which
> is also the kdc server), ext works automagically
> appending newly extracted keys to my /etc/krb5.keytab.
> But for other hosts that have existing keytabs, for a
> single keytab, e.g., ldap/myhost.com, I do it like this:
> ext --keytab=/tmp/gwenever.keytab
> ldap/gwenever.com@myrealm
> and then scp /tmp/gwenever.keytab to the etc of that
> host(gwenever). But one time, I needed to have two
> keytabs on that host(gwenever), one is the
> host/gwenever and another is ldap/gwenever keytab, for
> use with ldap client, and gssapi ssh login.
> What I did was delete gwenever's existing keytab
> that contains only host/gwenever and then on the kdc..
> I launched kadmin and did:
> ext --keytab=/tmp/gwenever.keytab host/gwenever
> then
> ext --keytab=/tmp/gwenever.keytab ldap/gwenever
> and finally scp'd it to gwenever.
> When I typed ktutil list on gwenever, both needed
> keytabs appeared.
> Question: is there any less stupid way of doing this,
> instead of just deleting the old keytab, sort of just
> appending only? :)
> Thanks!
veritatis simplex oratio est

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809
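
The `ktutil list` check from the quoted message, as an added Python example that is not part of the original thread: it reads a version 0x0502 keytab file and reports which required principals are missing before the file is copied to the host, without ever returning key bytes. The realm `myrealm`, enctype 18 and the all-zero keys in the sample are constructed placeholders.

```python
import struct

def build_entry(principal, realm, kvno, enctype, key):
    """Constructed-sample helper: encode one 0x0502 keytab entry."""
    names = [realm.encode()] + [c.encode() for c in principal.split("/")]
    body = struct.pack(">H", len(names) - 1)          # component count excludes realm
    body += b"".join(struct.pack(">H", len(n)) + n for n in names)
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)     # name type, timestamp, 8-bit kvno
    body += struct.pack(">HH", enctype, len(key)) + key
    body += struct.pack(">I", kvno)                    # trailing 32-bit kvno
    return struct.pack(">i", len(body)) + body

def list_keytab(data):
    """Return (principal, kvno, enctype) per entry; key bytes are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                                   # hole left by a removed entry
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        p, names = pos + 2, []
        for _ in range(ncomp + 1):                     # realm first, then components
            (n,) = struct.unpack_from(">H", data, p)
            names.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        _ntype, _ts, kvno = struct.unpack_from(">IIB", data, p)
        enctype, keylen = struct.unpack_from(">HH", data, p + 9)
        p += 9 + 4 + keylen
        if end - p >= 4:                               # 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, enctype))
        pos = end
    return entries

def missing_principals(data, required):
    """Names from `required` that have no entry in the keytab."""
    present = {name for name, _, _ in list_keytab(data)}
    return sorted(set(required) - present)

# Constructed sample: realm, enctype 18 and all-zero keys are placeholders.
SAMPLE = b"\x05\x02" + b"".join(
    build_entry(p, "myrealm", 1, 18, bytes(32)) for p in ("host/gwenever", "ldap/gwenever"))
```
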