[1396] in Kerberos_V5_Development
Re: keytab editing
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Jul 15 15:36:05 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbdev@MIT.EDU
Date: Mon, 15 Jul 1996 15:34:31 EDT
From: Marc Horowitz <marc@MIT.EDU>
>> I don't see a replacement for kadm5_keytab -change in kadmin.
>>
>> -add and -change are exact synonyms in kadm5_keytab.

I know they are in keytab, but there is no change in kadmin. Now that
I've looked at the code more closely, it seems that this functionality
is almost there, but it is obscure, and doesn't quite work:

    kadm5_keytab -k WRFILE:/keytab/name -change host/foo.mit.edu

is the same as

    kadmin -p host/foo.mit.edu -q 'ktadd -k WRFILE:/keytab/name host/foo.mit.edu' -k -t FILE:/keytab/name

except that ktadd tries to resolve the principal name as a glob, which
fails since random keytab principals are unlikely to have list access.

Even if this is fixed (which it should be), there is something to be
said for simple toolbox clients which don't have parsers linked into
them.

A shell-script wrapper around kadmin might also be a solution; this
needs more discussion.

Marc
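
The following is an added example, not part of the original message or of the MIT Kerberos sources: a sketch of the kind of shell wrapper the message mentions, built around the kadmin invocation quoted above. The names ktchange, ktchange_query, has_query_meta and has_glob_meta are hypothetical, and the rejected character set is a conservative assumption about how the -q string gets split into words.

```shell
#!/bin/sh
# Hypothetical wrapper: re-key a principal using its current keytab entry,
# via the kadmin command line quoted in the message. It does not remove the
# list-access failure described there; that still needs the ktadd fix.

# Status 0 when $1 holds characters that the word splitting of the -q
# string could reinterpret (assumed set: whitespace, quotes, backslash).
has_query_meta() {
    case $1 in
        *[[:space:]]* | *\'* | *\"* | *\\*) return 0 ;;
    esac
    return 1
}

# Status 0 when $1 holds glob metacharacters, which ktadd would treat as
# a pattern over principal names instead of one literal principal.
has_glob_meta() {
    case $1 in
        *\** | *\?* | *\[* | *\]*) return 0 ;;
    esac
    return 1
}

# Print the ktadd query for keytab $1 and principal $2.
# Status 1 (and no output) when either argument is empty or unsafe.
ktchange_query() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    if has_query_meta "$1" || has_query_meta "$2" || has_glob_meta "$2"; then
        return 1
    fi
    printf 'ktadd -k WRFILE:%s %s\n' "$1" "$2"
}

# Validate, then authenticate as the principal with its existing key
# (-k -t) and write the new key to the same keytab file.
ktchange() {
    query=$(ktchange_query "$1" "$2") || {
        echo "usage: ktchange KEYTAB PRINCIPAL (no spaces, quotes or globs)" >&2
        return 2
    }
    kadmin -p "$2" -q "$query" -k -t "FILE:$1"
}
```

Sourced into a shell, `ktchange /keytab/name host/foo.mit.edu` runs the same kadmin command as in the message; anything that is not a single literal principal name is refused before kadmin is started.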