On Thu, 2012-04-26 at 19:58 -0700, David Copperfield wrote:
> Hi,
>  Just have a silly case where I've to download the existing version
> keytab for a service principal. It is download only -- not recreate a
> new version and download the new version which ipa-getkeytab does. --
> ipa-getkeytab command name seems a little bit misleading because it
> does both 'set' and 'get' operations. 

Well, this is actually intentional. I'm curious what your reasoning is
for wanting to access the original key. There really isn't any downside
to just pulling a brand-new one for a host, and the upside is that you
just rolled your keys, so if they happened to be compromised, you're
safe now.

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-users mailing list

Reply via email to