AW: AW: AW: Example for kinit -S ... ?
Barbat, Calin
c.barbat at osram.de
Mon Jan 24 10:29:49 EST 2005
Hello,
I try to put it better:
1.) what I use now is:
kinit -k -t /etc/krb5.keytab <princ1>@<REALM1>
and this gets a ticket, which is displayed by klist as "Service Ticket: krbtgt/..."
2.) the only command getting me some result is
kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ1>@<REALM1>
which leads to the klist display "Service Ticket: <princ1>@<REALM1>"
3.) when I issue
kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ2>@<REALM2>
kinit is saying something about "Server not found in kerberos database" or "Client not found in kerberos database".
I suppose, if <princ1>@<REALM1> is to use the service <princ2>@<REALM2> then it has to get a ticket for it. And the other way around, too.
How is this done best?
Is there a solution employing some flags like proxiable, forwardable, etc., or is it done by "-S"? And do I have to store all needed service tickets in the keytab?
Calin.
-----Original Message-----
From: Roland Dowdeswell [mailto:elric at imrryr.org]
Sent: Monday, 24 January 2005 15:33
To: Barbat, Calin
Cc: Juan Manuel Sestelo; kerberos at mit.edu
Subject: Re: AW: AW: Example for kinit -S ... ?
On 1106555889 seconds since the Beginning of the UNIX epoch
"Barbat, Calin" wrote:
>
>As wd1adm: kinit -S SAPServiceWD2/<domain>@<REALM>
>As wd2adm: kinit -S SAPServiceWD1/<domain>@<REALM>
>
>But then I'd need to provide passwords, if I understand it well. Which I want
>to avoid, in order to make it cron-able without writing passwords in the
>crontab. Is it possible?
If you have the keys in a keytab, then:
$ kinit -S SAPServiceWD2/<domain>@<REALM> -kt <keytab>
will get the key from the file <keytab>.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/