kadmin or keytab extraction

[Gémes Géza]

2011-11-22 22:45 keltezéssel, Andrew Bartlett írta:
> On Tue, 2011-11-22 at 21:14 +0100, Gémes Géza wrote:
>
>> 2. Problems from the point of view of a *nix sysadmin:
>>     a. The KDC is quite hard to manage (no per principal keytab export
>> utility (I've wrote one, but it doesn't take spns into account)) (Today
>> I'll start to try implementing (at least parts of) kadmin into Samba4)
> I've been taking a bit of a break from full time Samba development over
> the past little while, but I'm happy to help you get the keytab
> management code you need.
>
> Andrew Bartlett
>
Hi,

My code practically replicates the code behind samba-tool domain
exportkeytab, with a new structure (which mimics libnet_export_keytab
adding just a principal) and passing that principal to a slightly
modified auth/kerberos/keytab_copy.c based kt_ext function which
iterates over the source keytab (Samba4:HDB in this case) and if the
principal it seas is the same as the parameter given it copies it to the
output keytab.
Everything works quite well (I still feel the code quite hackish) except
that I can't compare against spns (just now I've found the typedef of
krb5_keytab_entry and try to get use of it).

Thank you for your offer to help!

Cheers

Geza