>This does bring a practical question to mind. Would I normally create a >keytab file with just the entry for a particular service and transfer it to >the service host? Does the admin keytab on the kdc need them for any >reason?
The usual mode of operations is to ONLY run kadmin on the client, and do a single "ktadd" from the client. You only need the two or three principals that kadmind uses to be placed in the admin keytab (the keys are really stored in the principal database for the use of krb5kdc). --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
