[30198] in Kerberos
Re: ktutil get
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Wed Aug 6 08:44:19 2008
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Wed, 6 Aug 2008 02:54:02 +0000 (UTC)
Message-ID: <g7b3oa$23a9$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Jason Edgecombe <jason@rampaginggeek.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Jason Edgecombe wrote:
> >
> >>> There is a very useful command "ktutil get" in Heimdal. It allows to
> >>> conveniently join a host into a Kerberos domain, without bothering
> >>> about transferring the keytab.
> >>>
> >
> >
> >>> What is the analogous command in the Solaris Kerberos implementation?
> >>>
> >
> >
> >> No Solaris Kerberos experts here? Well, what is the analogous command
> >> in MIT Kerberos?
> >>
> >
> > Am I asking something stupid? How do you securely transfer a keytab
> > for the host principal to the host? "ktutil get" does just that.
> >
> >
> >
> Is 'kadmin -q "ktadd /tmp/keytab" ' what you're looking for?
I think so, at least according to kadmin(1M) it must be what I am
looking for.
It is a pity I cannot check it out because Solaris' kadmin seems to be
incompatible with FreeBSD's kadmind:
$ kadmin
kadmin: unable to get host based service name for realm SIBPTUS.TOMSK.RU
$ cat /etc/krb5/krb5.conf
# by VAS
[libdefaults]
default_realm = SIBPTUS.TOMSK.RU
dns_lookup_kdc = yes
$
$ host -t srv _kerberos-adm._tcp.sibptus.tomsk.ru
_kerberos-adm._tcp.sibptus.tomsk.ru has SRV record 0 0 749 big.sibptus.tomsk.ru.
$
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
