Copying keys from one KDC to another?
Brian Candler
B.Candler at pobox.com
Thu Sep 30 10:24:09 EDT 2010
I have cross-realm authentication working, and one step of this required me
to do the following on both KDCs:
# kadmin.local
addprinc krbtgt/BAR.EXAMPLE.COM at FOO.EXAMPLE.COM
and then type the same (long and random) password into both boxes.
Ideally I would have generated a random password on one box (e.g.
addprinc -randkey) and then copied it to the other, and I wondered if there
is a straightforward way to do this.
I could, for example, extract the principal and password into a keytab file;
but is it possible to import this keytab file into the other KDC database?
Maybe pasting the output from /dev/urandom into two terminal sessions is
easier anyway. I just wanted to know if I was missing a trick :-)
Regards,
Brian.
More information about the Kerberos
mailing list