[debian-lan-devel] create kerberos keytab for my workstation-

Andreas B. Mundt andi.mundt at web.de
Thu Feb 20 14:15:39 UTC 2014


Hi Richard,

On Thu, Feb 20, 2014 at 11:14:39AM +0100, Richard C Hidalgo Lorite wrote:
> Would you please tell me how can I generate myhost.keytab? I have found
> keytabs for generic workstations named workstation00, workstation01, ... at
> /root/installation but I need to generate keytabs for my specific
> hostnames...


The keytabs are generated during installation by the script
"scripts/KDC_LDAP/10-slapd-KDC" (in the fai config space).

If you look into that file, you see that it all boils down to:

NFS principal:

   kadmin.local -q "addprinc -randkey nfs/workstation${i}${j}.intern"
   (create principal in KDC)
   kadmin.local -q "ktadd -k $DATADIR/workstation${i}${j}.keytab nfs/workstation${i}${j}.intern"
   (export keytab)

Same for the host principal:

   kadmin.local -q "addprinc -randkey host/workstation${i}${j}.intern"
   kadmin.local -q "ktadd -k $DATADIR/workstation${i}${j}.keytab host/workstation${i}${j}.intern"


So I suggest using something along these lines (on the KDC):

   kadmin.local -q "addprinc -randkey nfs/myhost.intern"
   kadmin.local -q "addprinc -randkey host/myhost.intern"

   kadmin.local -q "ktadd -k myhost.keytab nfs/myhost.intern"
   kadmin.local -q "ktadd -k myhost.keytab host/myhost.intern"

Cf. man kadmin for details.

Is this sufficient?

Let me know if you need more help and things do not work out as they
should.

Best regards,

     Andi
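
The steps suggested in the message above, wrapped into a script for an arbitrary hostname (an added example, not part of the original post or of the debian-lan scripts). The function names, the RUN switch and the output directory argument are assumptions made here; the ".intern" domain and the nfs/ and host/ principals are taken from the post.

```shell
#!/bin/sh
# Added example, not part of the debian-lan scripts.
# Assumed here: function names, the RUN switch, the output directory argument.
LC_ALL=C; export LC_ALL
DOMAIN="intern"   # domain suffix used in the post

# Accept only a single lowercase DNS label, so nothing else can end up
# inside the quoted kadmin query string.
valid_host() {
    case "$1" in
        ""|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Print the kadmin.local queries for one host, one per line.
keytab_queries() {
    host=$1; keytab=$2
    valid_host "$host" || { echo "invalid hostname: $host" >&2; return 1; }
    for svc in nfs host; do
        echo "addprinc -randkey $svc/$host.$DOMAIN"
    done
    for svc in nfs host; do
        # ktadd generates new random keys, so an older keytab for the
        # same principal stops working once this has run.
        echo "ktadd -k $keytab $svc/$host.$DOMAIN"
    done
}

# Run the queries on the KDC (RUN=1) or only show them (default).
make_keytab() {
    host=$1; outdir=${2:-.}
    keytab="$outdir/$host.keytab"
    queries=$(keytab_queries "$host" "$keytab") || return 1
    if [ "${RUN:-0}" != 1 ]; then
        echo "$queries" | sed 's/^/kadmin.local -q "/; s/$/"/'
        return 0
    fi
    (
        umask 077   # the keytab holds long-term keys: owner-only from creation
        echo "$queries" | while IFS= read -r q; do
            kadmin.local -q "$q" || exit 1
        done
    ) || return 1
    klist -k "$keytab"   # list the principals and key versions just exported
}

make_keytab myhost   # dry run: prints the four commands from the post
```

Run with RUN=1 as root on the KDC to execute the commands, then move the keytab to the workstation over a protected channel, since anyone holding the file can act as that host's nfs/ and host/ principals.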


