Automatic keytab creation
Roland C. Dowdeswell
elric at imrryr.org
Tue Oct 23 01:32:09 EDT 2012
On Tue, Oct 23, 2012 at 12:51:57AM +0000, Jaap Winius wrote:
>
> On Mon, 22 Oct 2012 12:07:11 -0700, Russ Allbery wrote:
>
> > remctl doesn't, as yet, have support for anonymous PKINIT, although it's
> > something that I want to add.
>
> Then perhaps remctl is currently not part of a solution to this problem.
> Is there any way at all to automatically create a keytab on a newly
> installed host?
I have some Kerberos administration tools that can be found at:
http://oskt.secure-endpoints.com/
In particular, krb5_admin and krb5_keytab may be of interest.
These include support for self-service provisioning operations as
well as secure host key bootstrapping (although the latter is not
documented, yet).
I haven't tried the code against MIT for a while and have made
quite a few extensions since then but I'm sure that it will be
relatively easy to get things working as a previous version was
built against MIT and is being actively used in a reasonably large
environment.
--
Roland Dowdeswell http://Imrryr.ORG/~elric/
More information about the Kerberos
mailing list