Easy question: keytab needed for client?
Sam Hartman
hartmans at MIT.EDU
Sun Apr 11 15:34:09 EDT 2004
>>>>> "Gabe" == Gabe H <gjh2 at cornell.YOUKNOWTHEREST> writes:
Gabe> This question was asked by someone else on 08/14/2003, but
Gabe> there was no response to it (I'm pasting a copy of that post
Gabe> below), so I'm asking the question again. The section
Gabe> entitled "The Keytab File" in the MIT documentation touches
Gabe> upon the fact that the keytab files are used by the
Gabe> kerberized application server, but didn't mention anything
Gabe> about them being used on a client machine. Is it safe to
Gabe> assume that the keytab stuff is not used at all on a client?
Keytabs are not needed on a client. However keep in mind that when
logging into a machine, the machine is a server for the login service.
So if ypau are using a PAM module, or something else to use Kerberos
to verify authorization to use a machine (either at the console or
over the network), then you still should use a keytab.
More information about the Kerberos
mailing list