Automatic keytab creation

Russ Allbery rra at
Sun Oct 21 22:51:27 EDT 2012

Jaap Winius <jwinius at> writes:

> When using Puppet, I would also like it to automatically create keytab 
> files on new workstations. It was recently suggested to me that remctl 
> could be used for this purpose. That sounds great, except that remctl 
> seems to require a working Kerberos configuration with a keytab present 
> in advance. Is an exception possible in this case? If so, how?

The question for how you handle this bootstrap process is how do you want
to authenticate the system to put the initial keytab on it?  Everything
else about how you handle the deployment of the keytab will fall out from

remctl, and anything else Kerberos-based, is only going to help if you
already have some keytab on the system and are adding new ones.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list