Question related to keytab entries upgrade

Roland C. Dowdeswell elric at imrryr.org
Tue Jan 15 01:09:13 EST 2013


On Mon, Jan 14, 2013 at 12:03:32PM -0500, Greg Hudson wrote:
> The other way around this problem is to generate the keys outside of the
> KDB (either on the KDC or the servers), store them into the keytabs they
> need to be in, and then push them into the KDB.  We have a server-side
> "setkey" RPC in kadmind which allows keys to be pushed to the KDB, but
> no client tools for it at this time.  Using the setkey RPC requires
> explicit "setkey" access in the kadmind ACL, because kadmind has no
> assurance that the generated key is random (and not based on a password
> which wouldn't meet kadmind's password policy).
> 
> You might want to take a look at https://github.com/elric1/krb5_admin
> and see if it can meet any of your needs.  I haven't learned about it in
> detail myself.

A slightly better place to look would be:

	http://oskt.secure-endpoints.com/krb5_admin.html

because it contains a little more documentation and has the man pages
formatted for online reading.

It also describes some of the motivations behind the tool and the extended
features that the tool offers.

If you have any questions, please feel free to send me an e-mail.

--
    Roland Dowdeswell                      http://Imrryr.ORG/~elric/

