Is it possible to generate the keytab on the application server itself ?
sandypossible@gmail.com
sandypossible at gmail.com
Fri Jan 27 00:39:30 EST 2006
Hi all,
I am working on implementing kerberos on an embedded device. I am
aiming at using "windows server as KDC"
I understand that the keytab file has to be generated on the windows
KDC using ktpass and securely transferred to the application server.
This means that the kerberos implementation on the applicatio server
can decrypt the contents of the keytab file and use it appropriately
during connecting with the client.
I earlier queried and also got useful links about the tools available.
Since I do not have LDAP client, I am looking in to different ways of
getting the keytab file on to the device.
As I said above, as the keytab contents can be decoded by the
application server, is the below method is feasible and even possible ?
If not possible, can anybody please explain why it is not possible ?
--> I will add the the device name and password in the domain
controller. Using the same principal name and password, is it possible
to create the keytab file locally on the device rather than getting
this from the the domain controller ? Will it work ?
Thanks,
Sandy.
More information about the Kerberos
mailing list