ktutil get

Victor Sudakov vas at mpeks.no-spam-here.tomsk.su
Tue Aug 5 22:38:39 EDT 2008

Javier Palacios wrote:
> >>
> >> Am I asking something stupid? How do you securely transfer a keytab
> >> for the host principal to the host? "ktutil get" does just that.
> >>
> > Is 'kadmin -q "ktadd /tmp/keytab"  '  what you're looking for?

> I think what Victor actually ask is a single command to do something like
> kadmin -q "addprinc -randkey `hostname -f`" && kadmin -q "ktadd `hostame -f`"

You run "ktutil get host/A" on host A and it does the following in one

1. Contacts the remote kadmind, creates the principal host/A there
with a random key.
2. Securely transfers the keys back to host A.
3. Installs them in host A's keytab.

which is a very convenient way of joining a host into a Kerberos
domain. This method does not require any external means to transfer a
keytab (like ssh or floppy).

 From your replies I guess that this convenient feature is totally
missing from MIT Kerberos :(( or is implemented in a totally different

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/

More information about the Kerberos mailing list