Kerberized ssh only works on KDC
Russ Allbery
rra at stanford.edu
Sat Nov 4 23:46:40 EST 2006
Andrew Bovill <abovill at gmail.com> writes:
> On Sat, 04 Nov 2006 21:00:35 +0000, Andrew Bovill wrote:
>>> Do those other systems have a keytab in /etc/krb5.keytab?
>>
>> Thanks! With your suggestion I was able to modify
>> my search on google, found exactly what I needed!
>> It works perfectly now. I really appreciate it
> Just a quick question though. for the keytab on the
> KDC, do I have to add all the host principals to it?
> or just the host principal for the KDC?
Only the host principal for the KDC. A system's keytab should contain
only its own keys; this is true of every system that uses a keytab,
including the KDC. Logging into the KDC shouldn't be any different than
logging into any other host.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list