Easy question: keytab needed for client?

Gabe H. gjh2 at cornell.YOUKNOWTHEREST
Sat Apr 10 12:13:04 EDT 2004


This question was asked by someone else on 08/14/2003, but there was no
response to it (I'm pasting a copy of that post below), so I'm asking the
question again.  The section entitled "The Keytab File" in the MIT
documentation touches upon the fact that the keytab files are used by the
kerberized application server, but didn't mention anything about them being
used on a client machine.  Is it safe to assume that the keytab stuff is not
used at all on a client?

Thanks!



****************************************************************
****************************************************************
****************************************************************
******** Copy of original posting...
****************************************************************
****************************************************************

From: Thomas Schulze <sch.y7er at gmx.net>
Newsgroups: comp.protocols.kerberos
Subject: newbie question keytab for client or server
Date: Thu, 14 Aug 2003 17:55:55 GMT


Hi all,

sorry if this are poor and simple questions..

On my server I have Kerberos V (Heimdal) and OpenLDAP slapd installed.
I exported keys to /etc/krb5.keytab and can access slapd with ldapsearch

via
GSSAPI/Keberos-Authentication. So far I'm happy ;-)

Now I would like to use another client in the network to connect
slapd with kerberos-authentication. My questions are:
- Do I need the /etc/krb5.keytab on each client?
- How can I handle security issues -- the keytab-file contains keys for

different applications and hosts.
- Do I have to transmit the keytab file  via sftpd or is there a kerbero
s
tool for that?

Best

Thomas





More information about the Kerberos mailing list