AW: AW: Example for kinit -S ... ?

Barbat, Calin c.barbat at osram.de
Mon Jan 24 03:38:09 EST 2005


Hi Juan,

OK. :-)
What I'm trying to do now, is RFC calls by SNC between two SAP instances.
And I'm asking if I need to require a service ticket from the other instance or not, that is to say:

As wd1adm: kinit -S SAPServiceWD2/<domain>@<REALM>
As wd2adm: kinit -S SAPServiceWD1/<domain>@<REALM>

But then I'd need to provide passwords, if I understand it well. Which I want to avoid, in order to make it cron-able without writing passwords in the crontab. Is it possible?
And what about authenticating the SAP user which makes the RFC call, especially if it is a background job?
How can it be done?

Best regards,

Calin.


-----Original Message-----
From: Juan Manuel Sestelo [mailto:eltoken02 at yahoo.com.ar]
Sent: Friday, January 21, 2005 21:08
To: Barbat, Calin
Subject: Re: AW: Example for kinit -S ... ?


Hi Calin!
Yes, if you have two or more services (SAP instances) you can join all the keytabs into one
krb5.keytab.

This is the best way to do that:
1- execute ktutil
2- At the ktutil command prompt, write: 
   rkt <keytab1> [enter]
   rkt <keytab2> [enter]
3- if you want to see the joined keytab, type list [enter]
4- write wkt </etc/krb5.keytab> [enter] to save the keytab

Then, for each SAP instance, you have to execute its own service with <SID>adm user. You can cron
this.

For example:

SAP WD1 -> kinit -k -t /etc/krb5.keytab SAPServiceWD1/<domain>@<REALM>
SAP WD2 -> kinit -k -t /etc/krb5.keytab SAPServiceWD2/<domain>@<REALM>

Regards.
Juan Manuel

 --- "Barbat, Calin" <c.barbat at osram.de> wrote: 
> Hello Luke,
> 
> Ok. Suppose, I have two services (SAP R/3 instances) which call each other by kerberized RFC
> (remote function call).
> Does every service need then a ticket for the other one, possibly in the own keytab?
> 
> Then I would do something like: kinit -k -t /etc/krb5.keytab <name1>/<domain>@<REALM> -S
> <name2>/<domain>@<REALM>
> and the keytab would need to contain both entries if I understand it well. Or?
> 
> Thanks, 
> 
> Calin.
> 
> -----Original Message-----
> From: Luke Howard [mailto:lukeh at padl.com]
> Sent: Monday, January 17, 2005 15:15
> To: Barbat, Calin
> Cc: kerberos at mit.edu
> Subject: Re: Example for kinit -S ... ?
> 
> >can somebody explain to me when to issue kinit with -S <service>?
> >Perhaps with an example, preferably applied to a GSS-API-application.
> >
> >My command so far: kinit -k -t /etc/krb5.keytab <name>/<domain>@<REALM>
> 
> When you want a ticket to the specified service rather than a ticket
> granting ticket.
> 
> -- Luke
> 
> --
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>  
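
The ktutil merge and the password-less kinit from the quoted reply, written as a non-interactive script. This is an added example, not part of the thread: the function names, the 8-hour schedule and the credential cache path are assumptions, and ktutil is assumed to read its commands from standard input.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# Emit the ktutil commands from the reply: one rkt per input keytab, then wkt.
ktutil_merge_commands() {
    out=$1; shift
    for kt in "$@"; do
        printf 'rkt %s\n' "$kt"
    done
    printf 'wkt %s\nquit\n' "$out"
}

# Merge keytabs without a prompt. The result is written to a fresh file in a
# private directory, so it holds exactly the entries read, then moved into place.
merge_keytabs() {
    dest=$1; shift
    for kt in "$@"; do
        [ -r "$kt" ] || { echo "cannot read keytab: $kt" >&2; return 1; }
    done
    tmpdir=$(mktemp -d "$(dirname "$dest")/ktmerge.XXXXXX") || return 1
    # Keys must never be world-readable, not even for a moment.
    ( umask 077; ktutil_merge_commands "$tmpdir/new.keytab" "$@" | ktutil >/dev/null )
    # Do not rely on ktutil's exit status alone: check that a keytab was written.
    if [ -s "$tmpdir/new.keytab" ]; then
        mv "$tmpdir/new.keytab" "$dest"; rc=$?
    else
        echo "ktutil produced no keytab" >&2; rc=1
    fi
    rm -rf "$tmpdir"
    return "$rc"
}

# Build the crontab entry for one <SID>adm user: kinit takes the key from the
# keytab (no password in the crontab) and fills that user's own cache.
# The schedule (every 8 hours) is an assumption; keep it below the ticket lifetime.
cron_line() {
    principal=$1; keytab=$2; ccache=$3
    printf "0 */8 * * * KRB5CCNAME=%s kinit -k -t %s '%s'\n" \
        "$ccache" "$keytab" "$principal"
}

# Example use (placeholders as in the thread):
#   merge_keytabs /etc/krb5.keytab <keytab1> <keytab2>
#   cron_line 'SAPServiceWD1/<domain>@<REALM>' /etc/krb5.keytab /tmp/krb5cc_wd1adm
```

Each <SID>adm account needs read access to the merged keytab, and any account that can read it holds the keys of both services.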


	

	
		