Keytabs in Kerberos

Degrande_Samuel Samuel.Degrande at lifl.fr
Fri May 2 04:42:48 EDT 2003


According to Ken Raeburn (Thu, 01 May 2003 17:40:19 -0400):
> silvio at gdora.com.br (Silvio Fonseca) writes:
> > 	There's a way to use a "personal" keytab, I mean, how I make
> > the kerberized programs to look for keytabs not only in
> > /etc/krb5.keytab but to others files as well (something like a
> > failover in keytabs to look first for the system-wide file and then
> > to the personal one).
> 
> That's something that I think should be made configurable someday,
> without requiring environment variables or anything like that just to
> be able to run a server as a non-root user.  I'm not sure how it should
> be set up though.  Perhaps some data in krb5.conf mapping the
> principal name to the keytab name, like:
> 
>   [libdefaults]
>     keytabs = {
>       host/* = KEYTAB:/etc/krb5.keytab
>       ftp/* = KEYTAB:/etc/ftp.keytab
>       imap/* = KEYTAB:/etc/imapd/keytab
>       pop/* = SRVTAB:/etc/pop.srvtab
>       */* = KEYTAB:/etc/krb5.keytab
>       * = KEYTAB:~/.k5keytab
>     }
> 
> Just an idea....

Great idea ! (I'm just a little dwarf in the Kerberos community, so
none of my remarks are important, but I would really be happy to have
such a configuration).

> 
> Ken
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 
Samuel Degrande           LIFL - UMR 8022 CNRS - Bat M3
Phone: (33)3.20.43.47.38  USTL - Universite de Lille 1
Fax:   (33)3.20.43.65.66  59655 VILLENEUVE D'ASCQ CEDEX - FRANCE


More information about the Kerberos mailing list