Is there a "batchable" way to do ktutil list

Dameon Wagner dameon.wagner at it.ox.ac.uk
Wed Apr 21 04:15:53 EDT 2021


On Wed, Apr 21 2021 at 00:56:39 -0700, Dan Mahoney (Gushi) scribbled
 in "Is there a "batchable" way to do ktutil list":
> All,
> 
> Dayjob has a puppet fact that, under freeBSD, uses "ktutil list" to get 
> the kvno of a given host.  This works great because the heimdal kerberos 
> that's built into freeBSD is what we like to parse.  It takes a -k 
> argument to specify a keytab file.
> 
> Linux is another story.  Under ubuntu, the mit version of ktutil gets 
> installed, and I can't figure out how to script it easily.  There are no 
> documented ways to pass an arg, or even to print the version.  (We can 
> glean it by looking at installed packages).
> 
> Is there another command that is more script-friendly?  If not, can 
> someone share a good way to pass args to the MIT ktutil?

If you want the "true" kvno value, from a KDC, then the `kvno` tool
will return the results you want.

I you want the kvno values from within a keytab, like ktutil would
provide, then I'd look at the `k5srvutil` tool, which will take
subcommands and arguments for passing in the path to a keytab.

Cheers.

Dameon.

-- 
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Unix Platform Services
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><



More information about the Kerberos mailing list