AW: AW: AW: Example for kinit -S ... ?

Barbat, Calin c.barbat at osram.de
Mon Jan 24 10:29:49 EST 2005


Hello,

I try to put it better:

1.) what I use now is:

	kinit -k -t /etc/krb5.keytab <princ1>@<REALM1>

and this gets a ticket, which is displayed by klist as "Service Ticket: krbtgt/..."

2.) the only command getting me some result is

	kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ1>@<REALM1>

which leads to the klist display "Service Ticket: <princ1>@<REALM1>"

3.) when I issue 

	kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ2>@<REALM2>

kinit is saying something about "Server  not found in kerberos database" or "Client not found in kerberos database".

I suppose, if <princ1>@<REALM1> is to use the service <princ2>@<REALM2> then it has to get a ticket for it. And the other way around, too.
How is this done best? 

Is there a solution employing some flags like proxiable, forwardable, etc., or is it done by "-S"? And do I have to store all needed service tickets in the keytab?

Calin.


-----Original Message-----
From: Roland Dowdeswell [mailto:elric at imrryr.org]
Sent: Monday, 24 January 2005 15:33
To: Barbat, Calin
Cc: Juan Manuel Sestelo; kerberos at mit.edu
Subject: Re: AW: AW: Example for kinit -S ... ?


On 1106555889 seconds since the Beginning of the UNIX epoch
"Barbat, Calin" wrote:
>

>As wd1adm: kinit -S SAPServiceWD2/<domain>@<REALM>
>As wd2adm: kinit -S SAPServiceWD1/<domain>@<REALM>
>
>But then I'd need to provide passwords, if I understand it well. Which I want
>to avoid, in order to make it cron-able without writing passwords in the
>crontab. Is it possible?

If you have the keys in a keytab, then:

	$ kinit -S SAPServiceWD2/<domain>@<REALM> -kt <keytab>

will get the key from the file <keytab>.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/



