Streamlining host principal keytab provisioning?

Russ Allbery rra at stanford.edu
Tue May 8 03:16:23 EDT 2012


Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:

> Ok, I missunderstood with the KEYTAB_PRINCIPAL parameter, now I've
> changed for user at REALM which is the principal I gave permissions to.

It needs to be the principal for which you created a keytab that's stored
wherever $KEYTAB_FILE is pointing to.

> Just in case i renewed the ticket of user at realm and then: 

> $wallet create keytab nfs/host.domain.org
> wallet: keytab object implementation not configured

Okay, you're back to remctl working again.

    if (not $Wallet::Config::KEYTAB_KRBTYPE) {
        die "keytab object implementation not configured\n";

    unless (defined ($Wallet::Config::KEYTAB_PRINCIPAL)
            and defined ($Wallet::Config::KEYTAB_FILE)
            and defined ($Wallet::Config::KEYTAB_REALM)) {
        die "keytab object implementation not configured\n";

One of those variables isn't actually set or isn't being loaded or
something.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list