[6779] in Kerberos
Re: propogating files from one client to another - how??
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Feb 27 18:03:14 1996
To: Brian Murrell <murrell@bctel.net>
Cc: kerberos@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 27 Feb 1996 17:48:10 -0500
In-Reply-To: Brian Murrell's message of Mon, 26 Feb 1996 16:22:31 -0800 (PST)
>>>>> "Brian" == Brian Murrell <murrell@bctel.net> writes:
Brian> Hi, I have a need to propogate databases (files really)
Brian> from one Kerberos client to another. The functionality I'm
Brian> looking for is much like the way the KDC propogates to it's
Brian> slave. As a matter of fact, the two machines that are to
Brian> be talking to each other happen to be the KDC and slave KDC
Brian> if that makes any kind of difference.
I assume you are using Kerberos5; I don't think the term KDC is in as common of usage with krb4.
There is an accidentally undocumented option to kinit (-k)
that gets tickets from a keytab. For example, say I want to get
tickets in a script running on foo.mit.edu I might write
kinit -l 0:30 -k host/foo.mit.edu # get 30 min tickets
tar -cf - /files |rsh bar.mit.edu -x tar -xf -
This would get tickets then use the tickets to establish an
encrypted session to another computer for the untaring. (it assumes
that foo.mit.edu has a valid keytab).
Under Kerberos4 you should use the ksrvtgt program to get
tickets from a srvtab. Note that there is no encrypted rsh under
krb4, but there is a working encrypted rcp.
--Sam
