[3714] in Kerberos-V5-bugs
[krbdev.mit.edu #1282] need standard way of finding keytab
daemon@ATHENA.MIT.EDU (Ken Raeburn via RT)
Tue Dec 17 17:52:15 2002
Message-Id: <rt-1282-3793.11.2137562453695@krbdev.mit.edu>
In-Reply-To: <rt-1282@krbdev.mit.edu>
From: "Ken Raeburn via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Tue, 17 Dec 2002 17:51:14 -0500 (EST)
Hacks like this shouldn't be needed. There should be some standard
way of indicating where a keytab is located for a given user or
service.
For example, perhaps non-root users would look in ~/etc/krb5.keytab,
or maybe krb5.conf could have a table mapping principal names or
service (first-component) names to pathnames ("zephyr =
/usr/local/etc/zephyr/zephyr.keytab"). Maybe both.
No special configuration should be needed to look for the current
standard services (host and ftp at least) in the standard keytab,
though that could be accomplished by having a list of names instead of
just one. Say, if the default is "~/etc/krb5.keytab:/etc/krb5.keytab"
or equivalent.
Ken
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
