Russ Allbery
Thu, 28 Jan 2010 12:58:10 -0800
Holger Rauch <holger.ra...@empic.de> writes: > On Thu, 28 Jan 2010, Russ Allbery wrote:
>> [...] >> ktadd -norandkey will do this automatically. ktutil doesn't seem like the >> right tool to use if you're using MIT Kerberos (it's the right tool to use >> if you're using Heimdal). > The problem is that I don't want to "destroy" my regular user's > princ. (I'm afraid that once I ktadd a princ to a keytab, I can't login > anymore interactively using that principal because of the increased > kvno). In case I'm wrong, please feel free to correct me. (I would have > preferred to use ktadd right from the start, but the aforementioned > fears kept me away from using it). That's why you have to use -norandkey. That's what it does. By default, kadmin ktadd will randomize the key, but -norandkey extracts the existing key from the KDC. It's only available in kadmin.local, not in kadmin. If you know the password, you should also be able to create a keytab with ktutil, which I suspect is the path you were going down, but you will need to get the kvno and enctype correct when using add_entry. You should only need one entry with whatever enctype you want to use, though. -- Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info