[Samba] keytabs vs. secret store
jonesb at csail.mit.edu
Mon May 23 19:48:12 GMT 2005
Which is the preferred method of handling service principals when the
samba server is an ads member -- turning
on "use kerberos keytab" in smb.conf, or the default secrets.tdb?
Is there any particular reason I should use one over the other?
Also, all I see in secrets.tdb is the the machine password while in
krb5.keytab i see 100+ principals corresponding to various combinations
of instance and enctype. Is the password in the secret
store used to generate keys which are kept in memory?
More information about the samba