Automatic keytab creation

Roland C. Dowdeswell elric at
Tue Oct 23 01:32:09 EDT 2012

On Tue, Oct 23, 2012 at 12:51:57AM +0000, Jaap Winius wrote:

> On Mon, 22 Oct 2012 12:07:11 -0700, Russ Allbery wrote:
> > remctl doesn't, as yet, have support for anonymous PKINIT, although it's
> > something that I want to add.
> Then perhaps remctl is currently not part of a solution to this problem. 
> Is there any way at all to automatically create a keytab on a newly 
> installed host?

I have some Kerberos administration tools that can be found at:

In particular, krb5_admin and krb5_keytab may be of interest.
These include support for self-service provisioning operations as
well as secure host key bootstrapping (although the latter is not
documented, yet).

I haven't tried the code against MIT for a while and have made
quite a few extensions since then but I'm sure that it will be
relatively easy to get things working as a previous version was
built against MIT and is being actively used in a reasonably large

    Roland Dowdeswell                      http://Imrryr.ORG/~elric/

More information about the Kerberos mailing list