Generating krb5.keytab
Andrew Bartlett
abartlet at samba.org
Wed Jun 11 02:02:22 GMT 2008
On Tue, 2008-06-10 at 17:04 +0400, Matthieu PATOU wrote:
> Dear all,
>
>
> I am trying to use saslauthd directly with samba4 with the kerberos5 authentication mechanism. And it fails, starting
> saslauthd in debug mode with strace I notice that it can't find the file /etc/krb5.keytab.
>
> Is it possible to generate this file ? I tried with kadmin but got this error message:
> kadmin: Client not found in Kerberos database while initializing kadmin interface
We don't support the kadmin interface (because it is different between
MIT and Heimdal, and we didn't want to lock in our choice of krb5
implementation, even if I have strong views on it :-).
The way to handle this is actually with ldbedit on the secrets.ldb.
Look at the record in the directory for 'dns' and the entry there in
secrets.ldb. An additional attribute 'krb5Keytab' (as opposed to
'privateKeytab') is valid, and accepts absolute paths like you require.
I've not played with saslauthd and Samba4, so you might have some
hickups. What are you trying to achieve, perhaps there might be some
other ways we can get to the same goal?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080611/ca646109/attachment.bin
More information about the samba-technical
mailing list