Recommended way to get krb5.keytab files for KfW installations on Windows

Holger Rauch holger.rauch at empic.de
Fri Dec 11 10:51:16 EST 2009


Rehi,

replying to my own mail because the reply by Douglas E. Engert
(thanks for replying, Douglas!) unfortunately didn't make it
through.

I try to access a central file server running Debian Lenny and
offering file access via various protocols/services: FTP, SSH/SCP
(OpenSSH), OpenAFS, CIFS (via Samba daemons) from a Windows XP
box.

I know that for SSH access host principals are required for each
client and are supposed to be stored in a krb5.keytab file, at least
that's the case with MIT Kerberos on Linux/Unix.

Isn't that also the case when using Quest PuTTY (AFAIK the only free
implementation having GSSAPI support) and WinSCP for SSH access from a
WinXP client having KfW (MIT Kerberos for Windows) installed?

The main reason why I ask this is that I want to avoid having to use
ktpass.exe because of its mapping option(s) - that sort of scares me
off.

Any hints are most welcome.

Thanks & kind regards,

       Holger

On Mon, 26 Oct 2009, Holger Rauch wrote:

> Hi,
> 
> since the kadmin utility is not included with the current KfW bundle
> from the MIT Kerberos web site (version 3.2.2), is it "safe" to
> create krb5.keytab files for KfW using kadmin on a Unix machine and
> transfer the file to the Windows box?
> 
> (Yes, I heard about ktpass.exe, but that's kind of awkward to use
> because of the username/principal mapping stuff that needs to be taken
> into account. Or is ktpass.exe the recommended utility and the kadmin
> on Unix+file transfer approach thus discouraged?)
> 
> I'm using KfW on a current (all updates applied) WinXP Professional
> system.
> 
> So, what's the easiest (and recommended) way to get krb5.keytab files
> that are usable by KfW installations?
> 
> (I need this for accessing a kerberized Samba server, a kerberized
> sshd using PuTTY/WinSCP, and a kerberized FTP server; all of these
> services are running on the same host).
> 
> Thanks for any hints & kind regards,
> 
>        Holger

--
=========================================
Holger Rauch
Entwicklung Anwendungs-Software
Systemadministration UNIX

Tel.: +49 / 9131 / 877 - 141
Fax: +49 / 9131 / 877 - 266
Email: Holger.Rauch at empic.de
=========================================