ktutil get
Victor Sudakov
vas at mpeks.no-spam-here.tomsk.su
Tue Aug 5 22:54:02 EDT 2008
Jason Edgecombe wrote:
> >
> >>> There is a very useful command "ktutil get" in Heimdal. It allows to
> >>> conveniently join a host into a Kerberos domain, without bothering
> >>> about transferring the keytab.
> >>>
> >
> >
> >>> What is the analogous command in the Solaris Kerberos implementation?
> >>>
> >
> >
> >> No Solaris Kerberos experts here? Well, what is the analogous command
> >> in MIT Kerberos?
> >>
> >
> > Am I asking something stupid? How do you securely transfer a keytab
> > for the host principal to the host? "ktutil get" does just that.
> >
> >
> >
> Is 'kadmin -q "ktadd /tmp/keytab" ' what you're looking for?
I think so, at least according to kadmin(1M) it must be what I am
looking for.
It is a pity I cannot check it out because Solaris' kadmin seems to be
incompatible with FreeBSD's kadmind:
$ kadmin
kadmin: unable to get host based service name for realm SIBPTUS.TOMSK.RU
$ cat /etc/krb5/krb5.conf
# by VAS
[libdefaults]
default_realm = SIBPTUS.TOMSK.RU
dns_lookup_kdc = yes
$
$ host -t srv _kerberos-adm._tcp.sibptus.tomsk.ru
_kerberos-adm._tcp.sibptus.tomsk.ru has SRV record 0 0 749 big.sibptus.tomsk.ru.
$
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos
mailing list