This question was asked by someone else on 08/14/2003, but there was no response to it (I'm pasting a copy of that post below), so I'm asking the question again. The section entitled "The Keytab File" in the MIT documentation touches upon the fact that the keytab files are used by the kerberized application server, but didn't mention anything about them being used on a client machine. Is it safe to assume that the keytab stuff is not used at all on a client?
Thanks! **************************************************************** **************************************************************** **************************************************************** ******** Copy of original posting... **************************************************************** **************************************************************** From: Thomas Schulze <[EMAIL PROTECTED]> Newsgroups: comp.protocols.kerberos Subject: newbie question keytab for client or server Date: Thu, 14 Aug 2003 17:55:55 GMT Hi all, sorry if this are poor and simple questions.. On my server I have Kerberos V (Heimdal) and OpenLDAP slapd installed. I exported keys to /etc/krb5.keytab and can access slapd with ldapsearch via GSSAPI/Keberos-Authentication. So far I'm happy ;-) Now I would like to use another client in the network to connect slapd with kerberos-authentication. My questions are: - Do I need the /etc/krb5.keytab on each client? - How can I handle security issues -- the keytab-file contains keys for different applications and hosts. - Do I have to transmit the keytab file via sftpd or is there a kerbero s tool for that? Best Thomas ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
