On Thu, 28 Jan 2010 21:04:55 +0100 Holger Rauch <[email protected]> wrote:
> Hi Russ, > > thanks a lot for your reply. > > On Thu, 28 Jan 2010, Russ Allbery wrote: > > > [...] > > ktadd -norandkey will do this automatically. ktutil doesn't seem > > like the right tool to use if you're using MIT Kerberos (it's the > > right tool to use if you're using Heimdal). > > The problem is that I don't want to "destroy" my regular user's > princ. (I'm afraid that once I ktadd a princ to a keytab, I can't > login anymore interactively using that principal because of the > increased kvno). In case I'm wrong, please feel free to correct me. (I > would have preferred to use ktadd right from the start, but the > aforementioned fears kept me away from using it). The -norandkey option is what leaves the keys the same, so users can still kep using the same password. It requires a rather newish kadmin, though, doesn't it? I don't know the version it comes with, but it doesn't seem to exist with lenny's packages. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
