kadmin on a Solaris Client?

Russ Allbery rra at stanford.edu
Fri Jan 14 16:26:24 EST 2011

"Draht, Jeffrey" <jdraht at passhe.edu> writes:

> I’d rather communicate this way if possible?

> Does the kadmin binary run on a non-kdc Solaris_10 ldap, kerberos
> Client?

> The KDC and AD Server are Windows 2008.

> I am having difficulty with keytabs.  I’d rather have the Unix Team
> administer rather than have the Intel/MS Team create them?

Unfortunately, each major Kerberos implementation uses a substantially
different kadmin protocol (well, Heimdal's kadmind server supports most of
the MIT protocol), and Microsoft's AD in particular doesn't use the kadmin
protocol at all.

You can create something kadmin-like to run on UNIX and create keytabs for
AD if you use LDAP to create the object in AD and set its password and
then generate a key from the same password.  I don't know if anyone has
already done that work and provided it in some easy-to-use packaged form,

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
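
The approach described in the reply above (set the account's password over LDAP, then derive the key from that same password and write it to a keytab), as an added example that is not code from the original post or from any Kerberos distribution. It uses RC4-HMAC (enctype 23) because that string-to-key needs only MD4; the principal, realm, password and kvno are constructed, and in practice the kvno must match the account's msDS-KeyVersionNumber.

```python
import struct, time

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks it on OpenSSL 3."""
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:    # round 1
                f, k, s = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:  # round 2
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:         # round 3
                f = (b ^ c ^ d) + 0x6ED9EBA1
                k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i - 32]
                s = (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, rol((a + f + X[k]) & 0xFFFFFFFF, s), b, c
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def ad_unicode_pwd(password: str) -> bytes:
    """Value to write to AD's unicodePwd attribute: quoted password, UTF-16LE."""
    return ('"%s"' % password).encode("utf-16-le")

def rc4_hmac_key(password: str) -> bytes:
    """RC4-HMAC (enctype 23) string-to-key: unsalted MD4 of the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))

def keytab(principal, realm, kvno, enctype, key, ts=None) -> bytes:
    """Serialize a single entry in keytab file format 0x0502 (big-endian)."""
    cs = lambda b: struct.pack(">H", len(b)) + b   # 16-bit counted string
    comps = principal.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + cs(realm.encode())
    body += b"".join(cs(c) for c in comps)
    body += struct.pack(">IIB", 1, int(ts or time.time()), kvno & 0xFF)  # 1 = KRB5_NT_PRINCIPAL
    body += struct.pack(">H", enctype) + cs(key) + struct.pack(">I", kvno)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    pw = "Constructed-Sample-Pw1"   # constructed; use a long random value in practice
    kt = keytab("host/sol10.example.edu", "EXAMPLE.EDU", 2, 23, rc4_hmac_key(pw))
    print(len(ad_unicode_pwd(pw)), kt.hex())
```

AES enctypes need the salted RFC 3962 string-to-key instead, so the salt AD uses for the account has to match as well as the password.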

