vas at mpeks.no-spam-here.tomsk.su
Tue Aug 5 22:54:02 EDT 2008
Jason Edgecombe wrote:
> >>> There is a very useful command "ktutil get" in Heimdal. It allows to
> >>> conveniently join a host into a Kerberos domain, without bothering
> >>> about transferring the keytab.
> >>> What is the analogous command in the Solaris Kerberos implementation?
> >> No Solaris Kerberos experts here? Well, what is the analogous command
> >> in MIT Kerberos?
> > Am I asking something stupid? How do you securely transfer a keytab
> > for the host principal to the host? "ktutil get" does just that.
> Is 'kadmin -q "ktadd /tmp/keytab" ' what you're looking for?
I think so, at least according to kadmin(1M) it must be what I am
It is a pity I cannot check it out because Solaris' kadmin seems to be
incompatible with FreeBSD's kadmind:
kadmin: unable to get host based service name for realm SIBPTUS.TOMSK.RU
$ cat /etc/krb5/krb5.conf
# by VAS
default_realm = SIBPTUS.TOMSK.RU
dns_lookup_kdc = yes
$ host -t srv _kerberos-adm._tcp.sibptus.tomsk.ru
_kerberos-adm._tcp.sibptus.tomsk.ru has SRV record 0 0 749 big.sibptus.tomsk.ru.
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos