Question about service and host keys

John Hascall john at iastate.edu
Thu Nov 8 08:47:41 EST 2007



> I installed Kerberos & Openldap on my Debian v4 server. I read that I should
> create a principal for each host and service. The question is: do I have to
> export the keys of hosts and services to a file and distribute it on all
> machines? (silly question? sorry but I'm a newbie)

Yes.  Each host should get a file (called a keytab file, usually located
at /etc/krb5.keytab) which contains just the keys for the services
served out by that machine (if nothing else, the host/host.name.here key).

In kadmin[.local] the 'ank' command creates the keys and
the 'ktadd' command extracts them into a file.
The ktutil command is useful for checking the contents of a key file.

John


