[31763] in Kerberos
Re: Recommended way to get krb5.keytab files for KfW installations
daemon@ATHENA.MIT.EDU (Holger Rauch)
Fri Dec 11 10:51:55 2009
Date: Fri, 11 Dec 2009 16:51:16 +0100
From: Holger Rauch <holger.rauch@empic.de>
To: kerberos@mit.edu
Message-ID: <20091211155116.GB8313@heitec.de>
In-Reply-To: <20091026111550.GA1241@heitec.de>

Rehi,

replying to my own mail because the reply by Douglas E. Engert
(thanks for replying, Douglas!) unfortunately didn't make it
through.

I'm trying to access a central file server running Debian Lenny and
offering file access via various protocols/services: FTP, SSH/SCP
(OpenSSH), OpenAFS, CIFS (via Samba daemons) from a Windows XP
box.

I know that for SSH access host principals are required for each
client and are supposed to be stored in a krb5.keytab file, at least
that's the case with MIT Kerberos on Linux/Unix.

Isn't that also the case when using Quest PuTTY (AFAIK the only free
implementation having GSSAPI support) and WinSCP for SSH access from a
WinXP client having KfW (MIT Kerberos for Windows) installed?

The main reason why I ask this is that I want to avoid having to use
ktpass.exe because of its mapping option(s) - that sort of scares me
off.

Any hints are most welcome.

Thanks & kind regards,

Holger

On Mon, 26 Oct 2009, Holger Rauch wrote:
> Hi,
>
> since the kadmin utility is not included with the current KfW bundle
> from the MIT Kerberos web site (version 3.2.2), is it "safe" to
> create krb5.keytab files for KfW using kadmin on a Unix machine and
> transfer the file to the Windows box?
>
> (Yes, I heard about ktpass.exe, but that's kind of awkward to use
> because of the username/principal mapping stuff that needs to be taken
> into account. Or is ktpass.exe the recommended utility and the kadmin
> on Unix+file transfer approach thus discouraged?)
>
> I'm using KfW on a current (all updates applied) WinXP Professional
> system.
>
> So, what's the easiest (and recommended) way to get krb5.keytab files
> that are usable by KfW installations?
>
> (I need this for accessing a kerberized Samba server, a kerberized
> sshd using PuTTY/WinSCP, and a kerberized FTP server; all of these
> services are running on the same host).
>
> Thanks for any hints & kind regards,
>
> Holger
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
=========================================
Holger Rauch
Application Software Development
UNIX System Administration
Tel.: +49 / 9131 / 877 - 141
Fax: +49 / 9131 / 877 - 266
Email: Holger.Rauch@empic.de
=========================================