Application Server and KDC share some information like Service Tkt key?

Surendra Babu A surendra.a at samsung.com
Wed Dec 28 04:14:00 EST 2005


The solution: The keytab file to be generated at the Application Server.

How? Where should I run the ktab command in Windows? How to generate this
utility first??
Following is the source===>

http://skywayradio.com/tech/j2sdk141/security/SecurityToolsSummary.html
=============================================
ktab (Linux) (Windows)
  ktab is a command-line tool that allows the user to manage the principal
names and service keys stored in a local key table. Principal and key pairs
listed in the keytab allow services running on a host to authenticate
themselves to the Key Distribution Center (KDC). Before a server can be
set up to use Kerberos, the user must set up a keytab on the host running the
server. Note that any updates made to the keytab using ktab do not affect
the Kerberos database. If you change the keys in the keytab, you must also
make the corresponding changes to the Kerberos database.

  Solaris - Equivalent functionality is available for Solaris users via the
kadmin tool that is part of Solaris operating environment. For example, for
Solaris 8, see kadmin reference page.


===============================================

----- Original Message ----- 
From: "Surendra Babu A" <Surendra.a at samsung.com>
To: "Douglas E. Engert" <deengert at anl.gov>
Cc: <kerberos at mit.edu>
Sent: Wednesday, December 28, 2005 11:46 AM
Subject: Application Server and KDC share some information like Service Tkt
key?


> Hi Douglas,
>
> Could you please clarify the following issue? I am working on Kerberos
> Server Authentication feature and using the Windows 2000 Exchange server as
> the KDC server and SMTP server as the Application server.
>
> My aim: Server authentication should be done.
>
> Clarification on "Service Ticket Key":
>
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=21
> In the above link, the 4th and 5th steps are a little confusing for me.
>
> 1. In the 3rd step, KDC sends the Service Tkt encrypted with the "Service
> Tkt Key". and etc.
>
> 2. In the 4th step, Client sends the same Service Tkt key and authenticator
> to the Application server. That means, the KDC and Application server should
> agree on one "Service Ticket key". That means, there should be some
> communication between KDC and Application server. Right? How to configure
> the same with the Application server? Could you please let me know the same?
>
> Thank you,
> -Surendra
>
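
Added example (not part of the original message or of the ktab documentation it quotes): a Python sketch that reads a keytab, assumed here to be in the MIT-style file format 0x0502, and lists each principal's key version number so the application server's keytab can be compared with the KDC database, as the quoted documentation advises. The sample principal, the all-zero key and the `kdc_kvno` mapping are constructed for illustration.

```python
import struct

ENCTYPES = {3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from keytab bytes (assumed format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative length marks a deleted slot
            pos += -size
            continue
        rec, off = data[pos:pos + size], 0
        pos += size
        if len(rec) != size:
            raise ValueError("truncated entry")
        def counted():                    # 16-bit length, then that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        (ncomp,) = struct.unpack_from(">H", rec, off)
        off += 2
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
        off += 11
        counted()                         # skip the key bytes; never print them
        if size - off >= 4:               # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        out.append((f"{name}@{realm}", kvno, ENCTYPES.get(etype, str(etype))))
    return out

def out_of_sync(entries, kdc_kvno):
    """Principals with no keytab key at the KDC's current kvno (kdc_kvno: assumed input)."""
    have = {(p, v) for p, v, _ in entries}
    return sorted(p for p, v in kdc_kvno.items() if (p, v) not in have)

def sample_keytab():
    """Constructed one-entry keytab: smtp/mail.example.com@EXAMPLE.COM, kvno 3, zero key."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    rec = (struct.pack(">H", 2) + cs(b"EXAMPLE.COM") + cs(b"smtp")
           + cs(b"mail.example.com") + struct.pack(">IIBH", 1, 0, 3, 18)
           + cs(bytes(32)) + struct.pack(">I", 3))
    return b"\x05\x02" + struct.pack(">i", len(rec)) + rec
```

A principal returned by `out_of_sync` means the key was changed on one side only, so tickets the KDC issues for that service will not decrypt with the key in the keytab.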



