copying keytab file

madhuri D.J mdj_frend at yahoo.com
Sat Jul 10 03:40:45 EDT 2004


hi kroup,
 
I have installed Kerberos on a linux  machine.I have generated keytab file.
But on the Application server, do I need to run the ktadd utility to create the keytab entry for the host principal on the application server or do I need to copy the keytab file from KDC to the application server?
 
  If I need to add the keytab entry for the host principal( application server), using ktadd, and if that utility is not there on the application server, is there any way to do it?  
 
thank you




		
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!!From news at ra.nrl.navy.mil Sat Jul 10 06:45:12 2004
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
	[18.7.21.83])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i6AAjCl1018484
	for <kerberos at PCH.mit.edu>; Sat, 10 Jul 2004 06:45:12 -0400 (EDT)
Received: from ra.nrl.navy.mil (ra.nrl.navy.mil [132.250.1.121])
	i6AAjBsE002494
	for <kerberos at MIT.EDU>; Sat, 10 Jul 2004 06:45:11 -0400 (EDT)
Received: (from news at localhost)
	by ra.nrl.navy.mil (8.11.7p1+Sun/8.11.7) id i6AAVIR21547
	for kerberos at MIT.EDU; Sat, 10 Jul 2004 06:31:18 -0400 (EDT)
From: mdj_frend at yahoo.com (mdj_kerberos)
X-Newsgroups: comp.protocols.kerberos
Date: 10 Jul 2004 03:31:16 -0700
Organization: http://groups.google.com
Message-ID: <2db721d6.0407100231.680b4ca7 at posting.google.com>
To: kerberos at MIT.EDU
X-Mailman-Approved-At: Sun, 11 Jul 2004 03:22:18 -0400
Subject: question on keytab file , how KDC will come to know the server key?
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Sat, 10 Jul 2004 10:45:13 -0000

hi,
  
    I have installed kerberos and KDC  is running fine. I have added a
user with admin privilage in to KDC database.


  Now, I am running kadmin remotely on the application server. I am
adding the principal as:

on the application server,

kadmin: addprinc host/localhost.localdomain

 principal is added. 

now:
kadmin: ktadd host/localhost.localdomain

 keytab file created in /etc/krb5.keytab on the appliaction server.

 I am able to get the ticket,establish the telnet connection. My
question is:

  How KDC will come to know abt the application server's password? and
where it will be stored on the KDC? ofcource on application server, it
is stored in /etc/krb5.keytab

As i Know this application server password is used  by the KDC to form
the
service key which is issued to the client.

thanks in advance


More information about the Kerberos mailing list