service name? key versions?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Sep 10 15:37:55 EDT 2002
>This does bring a practical question to mind. Would I normally create a
>keytab file with just the entry for a particular service and transfer it to
>the service host? Does the admin keytab on the kdc need them for any
>reason?
The usual mode of operations is to ONLY run kadmin on the client, and do
a single "ktadd" from the client. You only need the two or three principals
that kadmind uses to be placed in the admin keytab (the keys are really
stored in the principal database for the use of krb5kdc).
--Ken
More information about the Kerberos
mailing list