allowing SSO for other hosts
Fredrik Tolf
fredrik at dolda2000.com
Mon Jan 9 13:37:47 EST 2006
On Mon, 2006-01-09 at 09:28 -0600, Douglas E. Engert wrote:
> Rodrick Brown wrote:
> > ktadd user/foo1.bar.com
>
> Not needed, users are not in keytabs.

In my experience, that's not just unneeded, but even detrimental. When I
did that on my MIT KDC (in order to be able to get a TGT with
kinit -kt ...), it increased the principal's kvno and put a random key
on that principal, which meant that it wasn't possible to decrypt the
TGT using a password anymore.
Fredrik Tolf