Application Server and KDC share some information like Service Tkt key?

Surendra Babu A surendra.a at samsung.com
Wed Dec 28 21:06:34 EST 2005


Hi,

> The solution: The keytab file to be generated at the Application Server.
>
> How? Where should I run the ktab command in Windows? How to generate this
> utility first??

> Following is the source===>
>
> http://skywayradio.com/tech/j2sdk141/security/SecurityToolsSummary.html
> =============================================
> ktab (Linux) (Windows)
>   ktab is a command-line tool that allows the user to manage the principal
> names and service keys stored in a local key table. Principal and key pairs
> listed in the keytab allow services running on a host to authenticate
> themselves to the Key Distribution Center (KDC). Before a server can be
> set up to use Kerberos, the user must set up a keytab on the host running
> the server. Note that any updates made to the keytab using ktab do not
> affect the Kerberos database. If you change the keys in the keytab, you
> must also make the corresponding changes to the Kerberos database.
>
>   Solaris - Equivalent functionality is available for Solaris users via the
> kadmin tool that is part of Solaris operating environment. For example, for
> Solaris 8, see kadmin reference page.
>
>
> ===============================================
>
> ----- Original Message ----- 
> From: "Surendra Babu A" <Surendra.a at samsung.com>
> To: "Douglas E. Engert" <deengert at anl.gov>
> Cc: <kerberos at mit.edu>
> Sent: Wednesday, December 28, 2005 11:46 AM
> Subject: Application Server and KDC share some information like Service
> Tkt key?
>
>
> > Hi Douglas,
> >
> > Could you please clarify the following issue? I am working on Kerberos
> > Server Authentication feature and using the Windows 2000 Exchange server
> > as the KDC server and SMTP server as the Application server.
> >
> > My aim: Server authentication should be done.
> >
> > Clarification on "Service Ticket Key":
> >
> > http://www.xml-dev.com/blog/index.php?action=viewtopic&id=21
> > In the above link, the 4th and 5th steps are a little confusing for me.
> >
> > 1. In the 3rd step, KDC sends the Service Tkt encrypted with the
> > "Service Tkt Key", etc.
> >
> > 2. In the 4th step, Client sends the same Service Tkt key and
> > authenticator to the Application server. That means, the KDC and
> > Application server should agree on one "Service Ticket key". That means,
> > there should be some communication between KDC and Application server.
> > Right? How to configure the same with the Application server? Could you
> > please let me know the same?
> >
> > Thank you,
> > -Surendra
> >
>



