How to obtain a keytab for a Windows application server?
Sam Hartman
hartmans at MIT.EDU
Fri Feb 13 16:39:28 EST 2004
>>>>> "Colin" == Colin Caughie <c.caughie at NOSPAMdial.pipex.com> writes:
>> "kadmin" is a KDC administration tool. KfW does not include
>> "kadmin" because KfW does not support the hosting of a KDC on
Colin> Windows. Especially given that (unless I'm mistaken) kadmin
Colin> is the recommended way of securely getting a keytab onto an
Colin> application server machine.
That depends on how secure the remote application server machine is.
I'm unwilling to type my admin password into most application server
machines.
I'd probably use kadmin to get a key on my Kerberos server, Kerberos
slaves, or LDAP servers. I'd tend to use kadmin on a secure
workstation and scp (making sure not to forward credentials) to get
keytabs to most other machines.
--Sam
More information about the Kerberos
mailing list