Kerberized ssh only works on KDC

Russ Allbery rra at stanford.edu
Sat Nov 4 23:46:40 EST 2006


Andrew Bovill <abovill at gmail.com> writes:
> On Sat, 04 Nov 2006 21:00:35 +0000, Andrew Bovill wrote:

>>> Do those other systems have a keytab in /etc/krb5.keytab?
>> 
>> Thanks! With your suggestion I was able to modify
>> my search on Google, found exactly what I needed!
>> It works perfectly now. I really appreciate it.

> Just a quick question though. For the keytab on the
> KDC, do I have to add all the host principals to it?
> Or just the host principal for the KDC?

Only the host principal for the KDC.  A system's keytab should contain
only its own keys; this is true of every system that uses a keytab,
including the KDC.  Logging into the KDC shouldn't be any different than
logging into any other host.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
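
The rule in the reply above (a keytab holds only that system's own keys) can be checked mechanically. The following is an added example, not part of the original message: it parses plain `klist -k` output (MIT Kerberos layout, no -e or -t flags) and reports entries whose instance is not the local host. The sample output, hostnames, realm and the function name audit_keytab are constructed for illustration.

```python
import re

# Constructed sample of `klist -k /etc/krb5.keytab` output (MIT Kerberos layout).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/kdc.example.com@EXAMPLE.COM
   3 host/kdc.example.com@EXAMPLE.COM
   2 host/web1.example.com@EXAMPLE.COM
   5 HTTP/web1.example.com@EXAMPLE.COM
   1 backup@EXAMPLE.COM
"""

# An entry line is exactly "<kvno> <principal>"; headers and separators do not match.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")


def audit_keytab(klist_output, fqdn):
    """Return {principal: reason} for entries that are not this host's own keys."""
    findings = {}
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        principal = m.group(2)
        name = principal.rsplit("@", 1)[0]  # strip the realm
        parts = name.split("/")
        if len(parts) != 2:
            # e.g. "backup@REALM": not tied to a host, needs a human decision
            findings[principal] = "no host instance; review manually"
        elif parts[1].lower() != fqdn.lower():
            # service/otherhost: a key that belongs to a different system
            findings[principal] = "key belongs to " + parts[1]
    return findings


if __name__ == "__main__":
    # Hypothetical local FQDN; on a real system pass the host's canonical name.
    for princ, reason in audit_keytab(SAMPLE_KLIST, "kdc.example.com").items():
        print(princ + ": " + reason)
```

On a live system, feed it the text printed by `klist -k /etc/krb5.keytab` and the host's canonical name; an empty result means every entry is scoped to that host.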


