[Samba] Kerberos Keytab and Openssh
Dan Perry
dperry at pppl.gov
Wed Jan 7 15:10:08 GMT 2004
Hi,
I'm having an issue with samba 3.0.1 (and I also tried grabbing source from
cvs a day ago). I've searched around, but haven't come up with any working
patches to help me. My first issue is an interaction between the principals
used by samba and those by openssh. I built openssh with gssapi support.
For sshd, I need to install a host/machine principal in the keytab
(/etc/krb5.keytab). Now, I'd like to build and install samba on the
machine. When I do so, and use 'net join' to create a computer account on
the domain for samba, both samba and openssh fail. Creating a computer
account makes a conflicting host/machine principal, thus preventing openssh
from using gssapi successfully. Seeing that the computer account samba
needs to function entails a host/machine principal, is there a way to have
samba extract that host principal and store in /etc/krb5.keytab? That way,
both samba AND openssh could use the host principal. Or, does anyone have
any other suggestions on other ways to address this problem?
Thanks,
Dan
More information about the samba
mailing list