[19159] in Kerberos


Re: Keytabs in Kerberos

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu May 1 17:50:27 2003

From: Ken Raeburn <raeburn@MIT.EDU>
Date: Thu, 01 May 2003 17:40:19 -0400
Message-ID: <tx1issuqrb0.fsf@mit.edu>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu

silvio@gdora.com.br (Silvio Fonseca) writes:
> 	Is there a way to use a "personal" keytab? I mean, how do I make
> the kerberized programs look for keytabs not only in
> /etc/krb5.keytab but in other files as well (something like a
> failover in keytabs, to look first for the system-wide file and then
> for the personal one)?

That's something that I think should be made configurable someday,
without requiring environment variables or anything like that just to
be able to run a server as a non-root user.  I'm not sure how it should
be set up though.  Perhaps some data in krb5.conf mapping the
principal name to the keytab name, like:

  [libdefaults]
    keytabs = {
      host/* = KEYTAB:/etc/krb5.keytab
      ftp/* = KEYTAB:/etc/ftp.keytab
      imap/* = KEYTAB:/etc/imapd/keytab
      pop/* = SRVTAB:/etc/pop.srvtab
      */* = KEYTAB:/etc/krb5.keytab
      * = KEYTAB:~/.k5keytab
    }

Just an idea....

Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
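
Added illustration (not part of the message above and not MIT krb5 code): a sketch of how the principal-to-keytab mapping proposed in the message could be resolved. The first-match-wins ordering, the per-component meaning of `*`, the function names and the sample principals are all assumptions made for this example.

```python
import os
from fnmatch import fnmatchcase

# The mapping from the message, in the order it was written.
SKETCH = """\
host/* = KEYTAB:/etc/krb5.keytab
ftp/* = KEYTAB:/etc/ftp.keytab
imap/* = KEYTAB:/etc/imapd/keytab
pop/* = SRVTAB:/etc/pop.srvtab
*/* = KEYTAB:/etc/krb5.keytab
* = KEYTAB:~/.k5keytab
"""

def parse_rules(text):
    """Return [(pattern_components, keytab_type, path)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _, target = (part.strip() for part in line.partition("="))
        kt_type, sep, path = target.partition(":")
        if not pattern or not sep or not path:
            raise ValueError(f"malformed keytab rule: {line!r}")
        rules.append((pattern.split("/"), kt_type, path))
    return rules

def resolve_keytab(principal, rules, home=None):
    """Return (type, path) for the first matching rule, or None (assumed semantics)."""
    name = principal.rsplit("@", 1)[0]  # drop the realm, if present
    components = name.split("/")
    for pattern, kt_type, path in rules:
        # Assumption: '*' matches inside one component only, so a bare '*'
        # covers single-component principals and '*/*' covers service/host.
        if len(pattern) == len(components) and all(
            fnmatchcase(c, p) for c, p in zip(components, pattern)
        ):
            if path.startswith("~/"):
                path = os.path.join(home or os.path.expanduser("~"), path[2:])
            return kt_type, path
    return None

if __name__ == "__main__":
    rules = parse_rules(SKETCH)
    # Constructed sample principals, not taken from the message.
    for p in ("ftp/ftp.example.com@EXAMPLE.COM", "silvio@EXAMPLE.COM"):
        print(p, "->", resolve_keytab(p, rules))
```

Under these assumed semantics a principal with more than two components matches no rule, so a caller would have to decide whether to fail or fall back to the system default.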
