[28685] in Kerberos


Re: Question about service and host keys

daemon@ATHENA.MIT.EDU (John Hascall)
Thu Nov 8 08:48:07 2007

To: Amir Saad <eng__amir@hotmail.com>
In-reply-to: Your message of Thu, 08 Nov 2007 14:58:57 +0200.
	<BAY124-W28E374E451B27114004B01B48B0@phx.gbl> 
Date: Thu, 08 Nov 2007 07:47:41 CST
Message-ID: <10534.1194529661@malison.ait.iastate.edu>
From: John Hascall <john@iastate.edu>
Cc: kerberos@mit.edu

> I installed Kerberos & Openldap on my Debian v4 server. I read that I should
> create a principal for each host and service. The question is: do I have to
> export the keys of hosts and services to a file and distribute it on all
> machines? (silly question? sorry but I'm a newbie)

Yes.  Each host should get a file (called a keytab file, usually located
at /etc/krb5.keytab) which contains just the keys for the services
served out by that machine -- if nothing else, the host/host.name.here key.

In kadmin[.local] the 'ank' command creates the keys and
the 'ktadd' command extracts them into a file.
The ktutil command is useful for checking the contents of a key file.

John
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
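
Added example, not part of the original message: a small audit that parses a file-based keytab (MIT format version 0x0502) and reports any principal that does not belong to the local host, which is the "just the keys for the services served out by that machine" property described above. The function names, host names, realm and the all-zero key are constructed for illustration.

```python
import struct

def counted(b):  # counted octet string: uint16 length, then the bytes
    return struct.pack(">H", len(b)) + b

def read_counted(data, p):
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def build_entry(realm, comps, kvno, enctype, key):
    """Serialize one entry; only used to construct SAMPLE below."""
    body = struct.pack(">H", len(comps)) + b"".join(counted(s.encode()) for s in [realm, *comps])
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + counted(key)  # name type, time, kvno8, enctype
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        p, pos = pos + 4, pos + 4 + abs(size)
        if size == 0:
            break
        if size < 0:  # negative length marks a deleted slot; skip it
            continue
        if pos > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, p)
        p, names = p + 2, []
        for _ in range(ncomp + 1):  # realm first, then the name components
            s, p = read_counted(data, p)
            names.append(s.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = read_counted(data, p + 11)  # key bytes are read but never returned
        if pos - p >= 4:  # optional trailing 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, enctype))
    return entries

def foreign_principals(entries, fqdn):
    """Principals not of the form service/<fqdn>@REALM, i.e. keys this host should not hold."""
    return [e[0] for e in entries if e[0].split("@")[0].split("/")[1:] != [fqdn]]

# Constructed sample: two keys for www.example.com plus one that belongs to another host.
KEY = bytes(32)  # constructed all-zero key for enctype 18 (aes256-cts-hmac-sha1-96)
SAMPLE = b"\x05\x02" + b"".join(build_entry("EXAMPLE.COM", c, 3, 18, KEY) for c in (
    ["host", "www.example.com"], ["ldap", "www.example.com"], ["host", "db.example.com"]))
```

On a real host, pass the bytes of /etc/krb5.keytab to parse_keytab and the machine's fully qualified name to foreign_principals; an empty result means the file holds only that host's service keys.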
