Shumon Huque wrote:
> On Fri, Aug 14, 2009 at 10:55:47AM -0400, Jeff Blaine wrote:
>> Again, I must really not understand something. This
>> principal's password is getting trashed after I use
>> ktadd
>>
>> % sudo kadmin -p admin/admin
>> Authenticating as principal admin/admin with password.
>> Password for admin/[email protected]:
>> kadmin: ktadd -k admin.kt admin/admin

You are creating a keytab to be used as the admin? with a random password?
I think you are trying to create a keytab for the admin using the
current password, so you can use either the password or the keytab.
If so, look at the ktutil addent. It does not have to change the KDC
database.

>> Entry for principal admin/admin with kvno 9, encryption type Triple DES
>> cbc mode with HMAC/sha1 added to keytab WRFILE:admin.kt.
>> Entry for principal admin/admin with kvno 9, encryption type DES cbc
>> mode with CRC-32 added to keytab WRFILE:admin.kt.
>> kadmin: quit
>>
>> % sudo kadmin -p admin/admin
>> Authenticating as principal admin/admin with password.
>> Password for admin/[email protected]:
>> kadmin: Incorrect password while initializing kadmin interface
>>
>> ^^^ tried many times -- had to fix via kadmin.local
>
> This won't work. ktadd creates a new random key every time it
> is invoked, thus destroying your earlier password derived
> key. The manpage says:
>
>     ktadd [-k keytab] [-q] [-e keysaltlist]
>           [principal | -glob princ-exp] [...]
>
>     Adds a principal or all principals matching princ-exp
>     to a keytab, randomizing each principal's key in the
>     process. ...
>
> I don't think the MIT distro has any tool to do what you want.
> You'd probably need to write a program to extract the password
> derived key directly from the KDB.
>
> --Shumon.
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
