kadm5.keytab
Mark Phalan
Mark.Phalan at Sun.COM
Fri Mar 21 04:42:25 EDT 2008
On Thu, 2008-03-20 at 16:06 -0600, Shawn M Emery wrote:
> Mark Phalan wrote:
> > On Thu, 2008-03-20 at 11:26 -0400, Tom Yu wrote:
> >
> >> Mark Phalan <Mark.Phalan at Sun.COM> writes:
> >>
> >>
> >>> It might be nice to remove the necessity to configure a keytab for
> >>> kadmind (kadm5.keytab). The key data that kadmind needs could be taken
> >>> directly from the kerberos db. Doing it that way would simplify
> >>> administration/setup and remove a whole class of potential configuration
> >>> problems (kadm5.keytab missing principals, containing old principals,
> >>> wrong path to kadm5.keytab specified etc.)
> >>>
> >> This was already done in a prior release. I don't remember which
> >> release introduced it. Some of the documentation may still refer to
> >> kadm5.keytab, though.
> >>
> >
> > Ah, interesting. We don't have it in Solaris yet though. I'm doing a
> > resync at the moment so I'll take a look at that when I get to kadmind.
> >
>
> Should be, as these changes were made back in MIT 1.3.
Our kadmind code was sufficently different from MIT that this feature
was never sync'ed in. I'll make sure to get this feature in when doing
the current KDC resync.
-M
More information about the krbdev
mailing list