[Samba] keytabs vs. secret store

Brian Jones jonesb at csail.mit.edu
Mon May 23 19:48:12 GMT 2005

Which is the preferred method of handling service principals when the
samba server is an ads member -- turning
on "use kerberos keytab" in smb.conf, or the default secrets.tdb?
Is there any particular reason I should use one over the other?

Also, all I see in secrets.tdb is the the machine password while in
krb5.keytab i see 100+ principals corresponding to various combinations
of instance and enctype.  Is the password in the secret
store used to generate keys which are kept in memory?  

More information about the samba mailing list