Fredrik Tolf wrote: > On Mon, 2006-01-09 at 09:28 -0600, Douglas E. Engert wrote: > > Rodrick Brown wrote: > >> ktadd user/foo1.bar.com > > Not heeded, users are not in keytabs. > > In my experience, that's not just unneeded, but even detrimental. > When I did that on my MIT KDC (in order to be able to get a TGT with > kinit -kt ...), it increased the principal's kvno and put a random > key on that principal, which meant that it wasn't possible to decrypt > the TGT using a password anymore.
You are correct. Putting a key in the keytab automatically changes the password for that key, so you usually never want to do that for a user principal. -Wyllys ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
