ktutil get
Victor Sudakov
vas at mpeks.no-spam-here.tomsk.su
Tue Aug 5 22:38:39 EDT 2008
Javier Palacios wrote:
> >>
> >> Am I asking something stupid? How do you securely transfer a keytab
> >> for the host principal to the host? "ktutil get" does just that.
> >>
> > Is 'kadmin -q "ktadd /tmp/keytab" ' what you're looking for?
> I think what Victor actually ask is a single command to do something like
> kadmin -q "addprinc -randkey `hostname -f`" && kadmin -q "ktadd `hostame -f`"
http://www.freebsd.org/cgi/man.cgi?query=ktutil
You run "ktutil get host/A" on host A and it does the following in one
step:
1. Contacts the remote kadmind, creates the principal host/A there
with a random key.
2. Securely transfers the keys back to host A.
3. Installs them in host A's keytab.
which is a very convenient way of joining a host into a Kerberos
domain. This method does not require any external means to transfer a
keytab (like ssh or floppy).
From your replies I guess that this convenient feature is totally
missing from MIT Kerberos :(( or is implemented in a totally different
manner.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos
mailing list