[19161] in Kerberos
Re: Keytabs in Kerberos
daemon@ATHENA.MIT.EDU (Degrande_Samuel)
Fri May 2 04:44:11 2003
Date: Fri, 2 May 2003 10:42:48 +0200
From: Degrande_Samuel <Samuel.Degrande@lifl.fr>
To: Ken Raeburn <raeburn@mit.edu>
Message-ID: <20030502084248.GA26712@lifl.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <tx1issuqrb0.fsf@mit.edu>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
According to Ken Raeburn (Thu, 01 May 2003 17:40:19 -0400):
> silvio@gdora.com.br (Silvio Fonseca) writes:
> > There's a way to use a "personal" keytab, I mean, how I make
> > the kerberized programs to look for keytabs not only in
> > /etc/krb5.keytab but to others files as well (something like a
> > failover in keytabs to look first for the system-wide file and then
> > to the personal one).
>
> That's something that I think should be made configurable someday,
> without requiring environment variables or anything like that just to
> be able to run a server as a non-root user. I'm not sure how it should
> be set up though. Perhaps some data in krb5.conf mapping the
> principal name to the keytab name, like:
>
> [libdefaults]
> keytabs = {
> host/* = KEYTAB:/etc/krb5.keytab
> ftp/* = KEYTAB:/etc/ftp.keytab
> imap/* = KEYTAB:/etc/imapd/keytab
> pop/* = SRVTAB:/etc/pop.srvtab
> */* = KEYTAB:/etc/krb5.keytab
> * = KEYTAB:~/.k5keytab
> }
>
> Just an idea....
Great idea ! (I'm just a little dwarf in the Kerberos community, so
none of my remarks are important, but I would really be happy to have
such a configuration).
>
> Ken
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Samuel Degrande LIFL - UMR 8022 CNRS - Bat M3
Phone: (33)3.20.43.47.38 USTL - Universite de Lille 1
Fax: (33)3.20.43.65.66 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
