Copying keys from one KDC to another?

Brian Candler B.Candler at pobox.com
Thu Sep 30 10:24:09 EDT 2010


I have cross-realm authentication working, and one step of this required me
to do the following on both KDCs:

# kadmin.local
  addprinc krbtgt/BAR.EXAMPLE.COM at FOO.EXAMPLE.COM

and then type the same (long and random) password into both boxes.

Ideally I would have generated a random password on one box (e.g.
addprinc -randkey) and then copied it to the other, and I wondered if there
is a straightforward way to do this.

I could, for example, extract the principal and password into a keytab file;
but is it possible to import this keytab file into the other KDC database?

Maybe pasting the output from /dev/urandom into two terminal sessions is
easier anyway.  I just wanted to know if I was missing a trick :-)

Regards,

Brian.



More information about the Kerberos mailing list