[Samba] Kerberos Keytab and Openssh

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Wed Jan 7 15:36:36 GMT 2004

Hi Dan,

	I think this is the same issue I came across some time ago. Check https://bugzilla.samba.org for bug id 538 and see if that matches your problem. If so the fix has obviously missed 3.0.1 so I hope it will be integrated into 3.0.2,

		thanks Andy.

-----Original Message-----
From: samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org
[mailto:samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org]On Behalf Of
Dan Perry
Posted At: 07 January 2004 15:10
Posted To: Samba
Conversation: Kerberos Keytab and Openssh
Subject: [Samba] Kerberos Keytab and Openssh


I'm having an issue with samba 3.0.1 (and I also tried grabbing source from
cvs a day ago).   I've searched around, but haven't come up with any working
patches to help me.  My first issue is an interaction between the principals
used by samba and those by openssh.   I built openssh with gssapi support.
For sshd, I need to install a host/machine principal in the keytab
(/etc/krb5.keytab).   Now, I'd like to build and install samba on the
machine.  When I do so, and use 'net join' to create a computer account on
the domain for samba, both samba and openssh fail.   Creating a computer
account makes a conflicting host/machine principal, thus preventing openssh
from using gssapi successfully.   Seeing that the computer account samba
needs to function entails a host/machine principal, is there a way to have
samba extract that host principal and store in /etc/krb5.keytab?   That way,
both samba AND openssh could use the host principal.  Or, does anyone have
any other suggestions on other ways to address this problem?

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically
If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

More information about the samba mailing list