Automating keytab creation when using windows 2003 KDC and linux clients
Markus Moeller
huaraz at moeller.plus.com
Mon Jan 2 06:31:43 EST 2006
Instead of using ktpass on the kdc you can do all directly from the Unix
system, by using tools like net ads join from samba. (Keep in mind that you
need to authenticate to the kdc to create accounts and if you automate this
completly (e.g. with a hardcoded password) the password will be known at
some point and may compromise your overall security)
See also my response from November
http://mailman.mit.edu/pipermail/kerberos/2005-November/008836.html
Markus
<sandypossible at gmail.com> wrote in message
news:1136182831.864285.319000 at f14g2000cwb.googlegroups.com...
> Hi all,
>
> I am using windows 2003 Domain controller as KDC and I am using linux
> machines. The steps what I have followed to make these linux machines
> to use windows 2003 server are as follows:
> 1. Configured windows 2003 as domain controller, added the linux
> machines as users.
> 2. Generated keytab files using ktpass tool.
> 3. Tested the gss server and gss client communication. It works fine.
>
> I notice that I had to add the linux mahines as users, generate
> seperate keytab files for each account and copy those on to the linux
> machines. The problem is it requires as lot of manual stuffs to do. I
> am looking in to how to automate this procedure. Could you please
> suggest how to go about it ? Could you please let me know if this is
> the standard method of doing it as of now ? Are there any other methods
> ? I am really aiming at automating this procedure as it will be
> difficult to configure non windows systems which act as application
> servers and if they are large in number.
>
> Could you please let me know your suggestions ?
>
> - Sandy.
>
More information about the Kerberos
mailing list