> I installed Kerberos & Openldap on my Debian v4 server. I read that I should create a principal for each host and service. The question is: do I have to exp ort the keys of hosts and services to a file and distribute it on all machines? (silly question? sorry but I'm a newbie)
Yes. Each host should get a file (called a keytab file, usually located as /etc/krb5.keytab) which contains just the keys for the services served out by that machine -- if nothing else the host/host.name.here key). In kadmin[.local] the 'ank' command creates the keys and the 'ktadd' command extracts them into a file. The ktutil command is useful for checking the contents of a key file. John ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
