[30196] in Kerberos
Re: ktutil get
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Tue Aug 5 16:32:03 2008
Date: Tue, 5 Aug 2008 15:29:22 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Message-ID: <20080805202922.GJ25547@Sun.COM>
Mail-Followup-To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>,
kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <g78ls6$2f4j$2@relay.tomsk.ru>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Aug 05, 2008 at 04:44:54AM +0000, Victor Sudakov wrote:
> Victor Sudakov wrote:
>
> > > There is a very useful command "ktutil get" in Heimdal. It allows to
> > > conveniently join a host into a Kerberos domain, without bothering
> > > about transferring the keytab.
>
> > > What is the analogous command in the Solaris Kerberos implementation?
>
> > No Solaris Kerberos experts here? Well, what is the analogous command
> > in MIT Kerberos?
>
> Am I asking something stupid? How do you securely transfer a keytab
> for the host principal to the host? "ktutil get" does just that.
kadmin(1M) is the tool to use to set principal keys and maintain keytab
files. The kadmin protocol uses RPCSEC_GSS and Kerberos for transport
protection.
If you want to move keytab files around securely then use ssh/sftp or
any other secure file transfer or remote filesystem protocol.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
