[33101] in Kerberos


Re: Cross Realm Administration?

daemon@ATHENA.MIT.EDU (Jeff draht)
Thu Jan 13 16:30:34 2011

From: Jeff draht <jdraht@gmail.com>
Date: Thu, 13 Jan 2011 07:25:55 -0800 (PST)
Message-ID: <d33a4845-3521-4650-96ac-9a3946840618@i18g2000yqn.googlegroups.com>
To: kerberos@mit.edu

Here is the piece you requested to view in my /etc/krb5/krb5.conf

It looks like others, similar to the Docs?

[realms]
        LAB-PASSHE.LCL = {
                kdc = drsaddcd01.lab-passhe.lcl
                admin_server = drsaddcd01.lab-passhe.lcl
                kdc = drsaddcd01.lab-passhe.lcl
                kdc = drsaddcd02.lab-passhe.lcl
                kdc = drsaddcd03.lab-passhe.lcl
                kpasswd_server = drsaddcd01.lab-passhe.lcl
                kpasswd_protocol = SET_CHANGE

        }
[domain_realm]
        .lab-passhe.lcl = LAB-PASSHE.LCL
        lab-passhe.lcl = LAB-PASSHE.LCL




Regarding the system keytab file? /etc/krb5/krb5.keytab

So I am understanding it to be for Services only?
ex:

ldap/drsaddcd01.lab-passhe.lcl@LAB-PASSHE.LCL
host/yeoman.lab-passhe.lcl@LAB-PASSHE.LCL
krbtgt/LAB-PASSHE.LCL@LAB-PASSHE.LCL


Then please explain a personal keytab?
So the AD Server creates the keytab.

I have a request from SAP to create a personal keytab for userid
xf1adm?
This is what they are asking for?

So the keytab is created by the AD Server using ktpass?
Then I take it on the unix machine and run the kinit command?

I must save that keytab then and point xf1adm to always look at it?


KRB5_KTNAME=/<directory>/xf1.keytab.MD5.SUN (location of the keytab)

kinit -k -t /<directory>/xf1.keytab.MD5.SUN xf1adm@passhe.edu


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
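
Added example, not part of the original post and not MIT Kerberos code: a system keytab and a "personal" keytab share one file format, and only the principal stored in each entry differs. The Python below parses the version 0x0502 keytab layout, labels each entry as service or user by a component-count heuristic, and flags deprecated enctypes and group/world-accessible files; the sample bytes, the dummy keys and the enctypes chosen for them are constructed.

```python
import os, stat, struct

# Kerberos enctype numbers; single-DES and RC4 (the WEAK set) are deprecated.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}
WEAK = {1, 3, 23}

def _counted(buf, p):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(buf):
    """Parse version 0x0502 keytab bytes into a list of entry dicts."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        end = pos + 4 + abs(size)          # a negative size marks a deleted slot
        if size > 0:
            (ncomp,) = struct.unpack_from(">H", buf, pos + 4)
            realm, p = _counted(buf, pos + 6)
            comps = []
            for _ in range(ncomp):
                comp, p = _counted(buf, p)
                comps.append(comp.decode())
            _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, p)
            _key, p = _counted(buf, p + 11)
            if end - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
                kvno = struct.unpack_from(">I", buf, p)[0] or kvno
            out.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        # heuristic: service names look like service/host
                        "kind": "service" if len(comps) > 1 else "user",
                        "kvno": kvno, "enctype": ENCTYPES.get(etype, str(etype)),
                        "weak": etype in WEAK})
        pos = end
    return out

def exposed(path):  # True if group or other has any access to the keytab file
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def _entry(realm, comps, kvno, etype, key):  # builds one constructed sample entry
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + b"".join(s(x.encode()) for x in [realm] + comps)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: principal names from the post, dummy all-zero keys, chosen enctypes.
SAMPLE = (b"\x05\x02" + _entry("LAB-PASSHE.LCL", ["host", "yeoman.lab-passhe.lcl"], 2, 18, bytes(32))
          + _entry("passhe.edu", ["xf1adm"], 3, 3, bytes(8)))
```

Because a user keytab holds that user's long-term key, `exposed()` returning True for it means anyone with read access to the file can authenticate as that principal.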
