Chris McClimans wrote:
>
> Is there a way to create an afs service principal and get the
> appropriate keytab files out of a Microsoft win2k KDC?
> I am not in administration for the remote KDC, and don't have a
> user/admin principal on the MS KDC.

Technically if you don't have admin rights on the KDC you can never get the key. That's the point of the key being the shared secret between the KDC and the server. The admin of the KDC needs to get involved to get you the secret as the representative of the service.

See the MS ktpass command, which can produce a keytab, and is used by the admin to set the service principal mapping. I think you can run it locally.

>
> For example:
>
> [EMAIL PROTECTED]:~$ /usr/sbin/kadmin -r TTU.EDU -p [EMAIL PROTECTED]
> Authenticating as principal [EMAIL PROTECTED] with password.
> Enter password:
> kadmin: Databasetd: recv suboption NAWS 0 100 (100) 0 53 (53)e
> initializing kadmin interface
>
> What other methods do I have to work with to get a working
> afs/[EMAIL PROTECTED]
> Is there a way to generate a keytab/afskey based on the known password
> in the KDC for that principal?
> -chris
>
> On Friday, July 25, 2003, at 11:57 PM, Derek Atkins wrote:
>
> > Chris McClimans <[EMAIL PROTECTED]> writes:
> >
> >> Does this mean that the pts entry would be username for the principal
> >> [EMAIL PROTECTED] and I could pts createuser username -id 12345?
> >> -chris
> >
> > Assuming you make "REMOTE.REALM" the kerberos realm for your cell, and
> > obtain a key, afs/[EMAIL PROTECTED] For a user with a
> > kerberos principal of [EMAIL PROTECTED] you would give them a pts
> > name of "username" and you can assign them an id of whatever you want.
> >
> > e.g.:
> >
> > klist
> > ...
> > Default principal: [EMAIL PROTECTED]
> > ...
> > 07/26/03 00:39:12 07/26/03 10:39:12 [EMAIL PROTECTED]
> > 07/26/03 00:39:12 07/26/03 10:39:12 [EMAIL PROTECTED]
> > ...
> >
> > tokens
> > User's (AFS ID 9661) tokens for [EMAIL PROTECTED] [Expires Jul 26 10:39]
> > User's (AFS ID 9661) tokens for [EMAIL PROTECTED] [Expires Jul 26
> > 10:39]
> > ...
> > --> pts exa 9661 -c sipb
> > Name: warlord, id: 9661, owner: system:administrators, creator: ...
> >
> > -derek
> >
> > --
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > [EMAIL PROTECTED] PGP key available
>
> _______________________________________________
> OpenAFS-info mailing list
> [EMAIL PROTECTED]
> https://lists.openafs.org/mailman/listinfo/openafs-info

--

Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
