ktadd behaviour
Andrei Maslennikov
andrei.maslennikov at gmail.com
Tue Oct 17 16:00:28 EDT 2006
Thanks Ken (I actually thought that only kvno was changed during ktadd).
I have just tried the addent subcommand of ktutil, and it did the job.
Regards - Andrei.
On 10/17/06, Ken Hornstein (Contractor) <kenh at cmf.nrl.navy.mil> wrote:
>
> > - After the ktadd operation, the data base however contains:
> >
> > Number of keys: 1
> > Key: vno 35, DES cbc mode with CRC-32, no salt
> >
> > And, obviously, klog cannot work anymore. The cpw operation
> > resolves this (recreates 3 keys), but then the previously
> > added keytab is no longer valid.
>
> You're focusing on the wrong thing here. The number of keytypes is
> really immaterial.
>
> When you use ktadd, a new _key_ is being created. This means that the
> user's password is being changed at the same time (well, when you use
> ktadd, there's no guarantee that you will end up with a key which
> necessarily corresponds to a password). When you do a ktadd, you're
> doing an implicit "cpw -randkey".
>
> What you might want to do is use ktutil to create a keytab which
> corresponds
> to the password you want to use for that account (look at "addent" inside
> of ktutil).
>
> --Ken
>
More information about the Kerberos
mailing list