Cross Realm Administration?
Jeff draht
jdraht at gmail.com
Thu Jan 13 10:25:55 EST 2011
Here is the piece you requested to view in my /etc/krb5/krb5.conf
It looks like others, similar to the Docs?
[realms]
LAB-PASSHE.LCL = {
kdc = drsaddcd01.lab-passhe.lcl
admin_server = drsaddcd01.lab-passhe.lcl
kdc = drsaddcd01.lab-passhe.lcl
kdc = drsaddcd02.lab-passhe.lcl
kdc = drsaddcd03.lab-passhe.lcl
kpasswd_server = drsaddcd01.lab-passhe.lcl
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.lab-passhe.lcl = LAB-PASSHE.LCL
lab-passhe.lcl = LAB-PASSHE.LCL
Regarding the system keytab file? /etc/krb5/krb5.keytab
So I am understanding it to be for Services only?
ex:
ldap/drsaddcd01.lab-passhe.lcl at LAB-PASSHE.LCL
host/yeoman.lab-passhe.lcl at LAB-PASSHE.LCL
krbtgt/LAB-PASSHE.LCL at LAB-PASSHE.LCL
The please explain a personal keytab?
So the AD Server creates the keytab.
I have a request from SAP to create a personal keytab for userid
xf1adm?
This is what they are asking for?
So the keytab is created by the AD Server using ktpass?
Then I take it on the unix machine and run the kinit command?
I must save that keytab then and point xf1adm to always look at it?
KRB5_KTNAME=/<directory>/xf1.keytab.MD5.SUN (location of the keytab)
kinit -k -t /<directory>/xf1.keytab.MD5.SUN xf1adm at passhe.edu
More information about the Kerberos
mailing list