Easy question: keytab needed for client?

Sam Hartman hartmans at MIT.EDU
Sun Apr 11 15:34:09 EDT 2004


>>>>> "Gabe" == Gabe H <gjh2 at cornell.YOUKNOWTHEREST> writes:

    Gabe> This question was asked by someone else on 08/14/2003, but
    Gabe> there was no response to it (I'm pasting a copy of that post
    Gabe> below), so I'm asking the question again.  The section
    Gabe> entitled "The Keytab File" in the MIT documentation touches
    Gabe> upon the fact that the keytab files are used by the
    Gabe> kerberized application server, but didn't mention anything
    Gabe> about them being used on a client machine.  Is it safe to
    Gabe> assume that the keytab stuff is not used at all on a client?


Keytabs are not needed on a client.  However keep in mind that when
logging into a machine, the machine is a server for the login service.
So if ypau are using a PAM module, or something else to use Kerberos
to verify authorization to use a machine (either at the console or
over the network), then you still should use a keytab.



More information about the Kerberos mailing list