[33112] in Kerberos


Re: kadmin on a Solaris Client?

daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jan 14 16:26:29 2011

From: Russ Allbery <rra@stanford.edu>
To: "kerberos\@mit.edu" <kerberos@mit.edu>
In-Reply-To: <8545D0BD986EF74F8000B00A00991582484AB56845@PASSHEENTMSG1.PASSHE.LCL>
	(Jeffrey Draht's message of "Fri, 14 Jan 2011 16:05:15 -0500")
Date: Fri, 14 Jan 2011 13:26:24 -0800
Message-ID: <87lj2nuqgv.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

"Draht, Jeffrey" <jdraht@passhe.edu> writes:
> I’d rather communicate this way if possible?
> Does the kadmin binary run on a non-kdc Solaris_10 ldap, kerberos
> Client?
> The KDC and AD Server are Windows 2008.
> I am having difficulty with keytabs.  I’d rather have the Unix Team
> Administer Rather than have the Intel/MS Team Create them?

Unfortunately, each major Kerberos implementation uses a substantially
different kadmin protocol (well, Heimdal's kadmind server supports most of
the MIT protocol), and Microsoft's AD in particular doesn't use the kadmin
protocol at all.

You can create something kadmin-like to run on UNIX and create keytabs for
AD if you use LDAP to create the object in AD and set its password and
then generate a key from the same password.  I don't know if anyone has
already done that work and provided it in some easy-to-use packaged form,
though.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
