of keytabs, kerberos and winbindd
Steven Danneman
steven at samba.org
Tue Jun 19 16:07:51 MDT 2012
> The dedicated keytab has been added by Dan Sledz on commit
> d96248a9b46559552f53b0ecd3861387ea7ff050 a bit more than 3 years ago
> I think it was because of specials needs from Isilon, Steven can you
> comment, explain the uses cases ?
Hey Matthieu,
Being over 3 years ago my memory is a little fuzzy, but it was probably
an Isilon specific need.
At the time we were creating a machine account on every node in our
cluster each with a different password, and each of these nodes had a
separate name like foo-1, foo-2, foo-3, etc. Yet, the entire cluster
could be accessed via a DNS round-robin resolver with a single name like
foo.company.com.
So I think we needed custom logic to accept service tickets encrypted
with the password for the foo principal, but lookup foo-1 in the keytab
or vice versa.
-Steven
More information about the samba-technical
mailing list