Generating krb5.keytab
Andrew Bartlett
abartlet at samba.org
Wed Jun 11 22:00:05 GMT 2008
On Wed, 2008-06-11 at 23:18 +0300, Sergey Yanovich wrote:
> Andrew Bartlett wrote:
> > On Tue, 2008-06-10 at 17:04 +0400, Matthieu PATOU wrote:
> >> Is it possible to generate this file ? I tried with kadmin but got this error message:
> >> kadmin: Client not found in Kerberos database while initializing kadmin interface
>
> If you provisioned your installation with setup/provision, chances are
> that {prefix}/private/krb5.keytab is the file you need.
>
> > We don't support the kadmin interface (because it is different between
> > MIT and Heimdal, and we didn't want to lock in our choice of krb5
> > implementation, even if I have strong views on it :-).
>
> I believe providing Heimal-style kadmin interface on Heimdal-based KDC
> is a right thing to do. Otherwise, expect this question in different
> forms to be a frequent visitor to this mailing list :)
When we finish the work to use Heimdal externally, it will be trivial to
package a 'hdb_samba4.so' that the kadmind (or an externally launched
KDC if someone is mad enough to want that) would be quite happy to load,
should that be how you wish to manage it. We already implement the enum
and a few other methods that the KDC will never use, just for this
case :-)
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080612/983e3523/attachment.bin
More information about the samba-technical
mailing list