[31617] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Recommnended way to get krb5.keytab files for KfW installations

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Mon Oct 26 10:36:18 2009

Message-ID: <4AE5B3CC.5040007@anl.gov>
Date: Mon, 26 Oct 2009 09:35:56 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Holger Rauch <holger.rauch@empic.de>
In-Reply-To: <20091026111550.GA1241@heitec.de>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



Holger Rauch wrote:
> Hi,
> 
> since the kadmin utility is not included with the current KfW bundle
> from the MIT Kerberos web site (version 3.2.2), is it "safe" to
> create krb5.keytab files for KfW using kadmin on a Unix machine and
> transfer the file to the Windows box?
> 
> (Yes, I heard about ktpass.exe, but that's kind of awkward to use
> because of the username/principal mapping stuff that needs to be taken
> into account. Or is ktpass.exe the recommended utility and the kadmin
> on Unix+file transfer approach thus discouraged?)
> 
> I'm using KfW on a current (all updates applied) WinXP Professional
> system.
> 
> So, what's the easiest (and recommended) way to get krb5.keytab files
> that are usable by KfW installations?
> 
> (I need this for accessing a kerberized Samba server, a kerberized
> sshd using PuTTY/WinSCP, and a kerberized FTP server; all of these
> services are running on the same host).
>

Are you sure you need the krb5.keytab on the Windows side? Sounds like
the XP system is the client only. Unless you are trying to use a keytab
with kinit, a keytab is normally only needed on the server side. Can you
describe what OSes are running on the servers and the clients? Are you trying
to run some non-interactive client?


> Thanks for any hints & kind regards,
> 
>        Holger
> 
> 
> ------------------------------------------------------------------------
> 
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post