[Samba] Samba 4 krb5.keytab confusion

Michael Wood esiotrot at gmail.com
Mon Jan 9 04:12:28 MST 2012

On 9 January 2012 12:56, steve <steve at steve-ss.com> wrote:
> On 01/09/2012 11:50 AM, Michael Wood wrote:
>> On 9 January 2012 12:34, steve<steve at steve-ss.com>  wrote:
>>> On 01/09/2012 09:47 AM, Gémes Géza wrote:
>> [...]
>>>>> samba-tool user add steve4
>>>>> (the spn stuff you mention doesn't seem to be needed?)
>>>>> samba-tool domain exportkeytab /etc/krb5.keytab --principal=steve4
>>>> You don't need the last step (see before).
>>> OK, I'm understanding this a little more. So how can I remove steve4 from
>>> the keytab?
>> Don't bother trying to do that.  Just create a new keytab file with
>> only the relevant stuff for NFS in it.
> Hi
> Rename the keytab, touch /etc/krb5.keytab to start with a blank keytab and
> add only the nfs principal? What about all the other stuff about cifs and
> host that are in there. Are they not needed?

"samba-tool domain exportkeytab" creates a new keytab file, so no need
to create an empty file.  i.e. you would not be "adding" only the NFS
principal.  You would be creating a new keytab file with only the NFS
principal in it.

As for the other things in the keytab, I can't say off hand whether or
not you need them, but I suspect not.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list