S3 machine account and keytab
simo
idra at samba.org
Sun Mar 21 15:17:52 MDT 2010
On Sun, 2010-03-21 at 22:58 +0300, Matthieu Patou wrote:
> Hello,
>
> This is not 100% a technical question feel free to throw me to #samba ...
> I'm thinking to use kerberised ssh, for this I need a principal and a
> keytab. I was first thinking to add the ssh/hostname at REALM to the
> machine account and then export the keytab. But I think it will be a
> problem when the password change as the kvno won't be ok.
ssh uses host/fqdn at REALM
> Of course there is the option to not make the password of the
> workstation expire but somehow I don't think it's a very good idea (am I
> wrong ?).
>
> Is there an option for an host to export his password + principal as a
> keytab ?
I guess you want to look at the "kerberos method" option.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list