[Samba] Kerberos Keytab and Openssh

Dan Perry dperry at pppl.gov
Wed Jan 7 15:10:08 GMT 2004


I'm having an issue with samba 3.0.1 (and I also tried grabbing source from
cvs a day ago).   I've searched around, but haven't come up with any working
patches to help me.  My first issue is an interaction between the principals
used by samba and those by openssh.   I built openssh with gssapi support.
For sshd, I need to install a host/machine principal in the keytab
(/etc/krb5.keytab).   Now, I'd like to build and install samba on the
machine.  When I do so, and use 'net join' to create a computer account on
the domain for samba, both samba and openssh fail.   Creating a computer
account makes a conflicting host/machine principal, thus preventing openssh
from using gssapi successfully.   Seeing that the computer account samba
needs to function entails a host/machine principal, is there a way to have
samba extract that host principal and store in /etc/krb5.keytab?   That way,
both samba AND openssh could use the host principal.  Or, does anyone have
any other suggestions on other ways to address this problem?


More information about the samba mailing list