Here is the piece you requested to view in my /etc/krb5/krb5.conf
It looks like others, similar to the Docs?
[realms]
LAB-PASSHE.LCL = {
kdc = drsaddcd01.lab-passhe.lcl
admin_server = drsaddcd01.lab-passhe.lcl
kdc = drsaddcd01.lab-passhe.lcl
kdc = drsaddcd02.lab-passhe.lcl
kdc = drsaddcd03.lab-passhe.lcl
kpasswd_server = drsaddcd01.lab-passhe.lcl
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.lab-passhe.lcl = LAB-PASSHE.LCL
lab-passhe.lcl = LAB-PASSHE.LCL
Regarding the system keytab file? /etc/krb5/krb5.keytab
So I am understanding it to be for Services only?
ex:
ldap/drsaddcd01.lab-passhe....@lab-passhe.lcl
host/yeoman.lab-passhe....@lab-passhe.lcl
krbtgt/lab-passhe....@lab-passhe.lcl
The please explain a personal keytab?
So the AD Server creates the keytab.
I have a request from SAP to create a personal keytab for userid
xf1adm?
This is what they are asking for?
So the keytab is created by the AD Server using ktpass?
Then I take it on the unix machine and run the kinit command?
I must save that keytab then and point xf1adm to always look at it?
KRB5_KTNAME=/<directory>/xf1.keytab.MD5.SUN (location of the keytab)
kinit -k -t /<directory>/xf1.keytab.MD5.SUN xf1...@passhe.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
