Sorry about the mass of emails, but since we're creating a bunch of these files wouldn't it make sense to create a directory under /etc/ called "keytab" so as to avoid clogging up /etc?
Justin Davor Ocelic wrote: > On Sat, 06 Jan 2007 23:42:15 -0500 > Michael Olson <[EMAIL PROTECTED]> wrote: > > >> Davor Ocelic <[EMAIL PROTECTED]> writes: >> >> >>> Since most of our services run under different users, we should create >>> /etc/<srvname>.keytab for each service and chown/chgrp it properly. >>> The creation of the keytab file is done within kadmin; here's an example >>> for user "domtool" (which I've added already): >>> >>> $ kadmin -k -p root/admin >>> : ktadd -k /etc/domtool.keytab domtool >>> : quit >>> >>> $ kinit -k -t /etc/domtool.keytab domtool >>> $ sudo -u domtool klist >>> >> I've tried to do this for exim4, as follows. >> >> sudo kadmin -k -p root/admin >> kadmin: ktadd -k /etc/exim4.keytab Debian-exim >> kadmin: Principal Debian-exim does not exist. >> >> Am I missing a step here? >> > > Kind of, yes. System users are not in kerberos, so you need to add > them, like this (inside kadmin): > > addprinc -randkey Debian-exim > > then continue as usual.. > > _______________________________________________ > HCoop-SysAdmin mailing list > [email protected] > http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin > _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
