[32743] in Kerberos

Copying keys from one KDC to another?

daemon@ATHENA.MIT.EDU (Brian Candler)
Thu Sep 30 10:24:18 2010

Date: Thu, 30 Sep 2010 15:24:09 +0100
From: Brian Candler <B.Candler@pobox.com>
To: kerberos@mit.edu
Message-ID: <20100930142409.GB3342@talktalkplc.com>

I have cross-realm authentication working, and one step of this required me
to do the following on both KDCs:

# kadmin.local
  addprinc krbtgt/BAR.EXAMPLE.COM@FOO.EXAMPLE.COM

and then type the same (long and random) password into both boxes.

Ideally I would have generated a random password on one box (e.g.
addprinc -randkey) and then copied it to the other, and I wondered if there
is a straightforward way to do this.

I could, for example, extract the principal and password into a keytab file;
but is it possible to import this keytab file into the other KDC database?

Maybe pasting the output from /dev/urandom into two terminal sessions is
easier anyway.  I just wanted to know if I was missing a trick :-)

Regards,

Brian.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos