On Tue, 2008-06-03 at 09:28 -0400, James Carlson wrote: > Wyllys Ingersoll writes: > > With the latest resync of Kerberos with MIT Kerberos 1.6.3 (in > > progress) kadmind(1M) reads the keys it needs directly from the > > Kerberos database. Prior to this a keytab file had to be populated > > with the keys kadmind required. By default this file was located at > > /etc/krb5/kadm5.keytab. > > Is there anything that the administrator needs to do to make the new > scheme work? Do the existing keys need to be transferred out of that > file somehow?
The administrator doesn't need to do anything. The keytab will just no longer be used - instead the keys will be directly read from the kerberos db. The administrator may want to delete that file (as its no longer used) but that isn't necessary. -Mark
