On Fri, 2005-05-27 at 16:57:05 -0500, eric proclaimed...
> Continuing on my battle to get 50 hosts under central administration, I've
> now gotten heimdal working. Wow, I can klist, kinit and kdestroy.
> Interesting, but logging into other machines is *more* interesting :-)

I believe I got this working.

> kadmin> list *
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> plonk/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> changepw/[EMAIL PROTECTED]
> krbtgt/[EMAIL PROTECTED]

Problem was that I didn't have /etc/kerberosV/krb5.keytab files on these
hosts. To get this working, I had to do the following...

kadmin> add --random-key host/<hostname>.sg.depaul.edu
kadmin> ext --keytab=/path/to/keytab.file host/<hostname>.sg.depaul.edu

then transport /path/to/keytab.file to each /etc/kerberosV/krb5.keytab file.
Note that this may be INSECURE to hardcore kerberos advocates! Instead, log in
to each host and as root:

# kadmin
kadmin> ext --keytab=/etc/kerberosV/krb5.keytab
# chmod 0400 /etc/kerberosV/krb5.keytab

- Eric
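
Added example, not part of Eric's message: a Python check that a host's keytab is owned by root with the 0400 mode set above and actually contains a host/<fqdn> key. It assumes the keytab is in the common 0x0502 file format; the function names and the owner_uid parameter are hypothetical.

```python
import os, stat, struct, sys

def keytab_principals(data):
    """List (principal, kvno, enctype); assumes the 0x0502 file keytab layout."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted entry
            pos += -size
            continue
        entry, p, pos = data[pos:pos + size], 0, pos + size
        def counted():                     # uint16 length, then that many bytes
            nonlocal p
            (n,) = struct.unpack_from(">H", entry, p)
            p += 2 + n
            return entry[p - n:p]
        (ncomp,) = struct.unpack_from(">H", entry, p)
        p += 2
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        p += 8                             # name type and timestamp, 4 bytes each
        kvno, enctype = struct.unpack_from(">BH", entry, p)
        p += 3
        counted()                          # skip the key material, never return it
        if len(entry) - p >= 4:            # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", entry, p)[0] or kvno
        out.append((f"{name}@{realm}", kvno, enctype))
    return out

def audit_keytab(path, fqdn, owner_uid=0):
    """Return a list of findings; an empty list means the keytab passed."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != owner_uid:
        findings.append(f"owner uid {st.st_uid}, expected {owner_uid}")
    if mode != 0o400:
        findings.append(f"mode {mode:04o}, expected 0400")
    with open(path, "rb") as f:
        names = [n for n, _, _ in keytab_principals(f.read())]
    if not any(n.startswith(f"host/{fqdn}@") for n in names):
        findings.append(f"no host/{fqdn} key; principals present: {names}")
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:   # args: keytab path, host FQDN
    print(audit_keytab(sys.argv[1], sys.argv[2]) or "ok")
```

Run it as root on each host with the keytab path and that host's FQDN; it reads the file but never prints key bytes.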