Holger Rauch <[email protected]> writes: > On Thu, 28 Jan 2010, Russ Allbery wrote:
>> [...] >> ktadd -norandkey will do this automatically. ktutil doesn't seem like the >> right tool to use if you're using MIT Kerberos (it's the right tool to use >> if you're using Heimdal). > The problem is that I don't want to "destroy" my regular user's > princ. (I'm afraid that once I ktadd a princ to a keytab, I can't login > anymore interactively using that principal because of the increased > kvno). In case I'm wrong, please feel free to correct me. (I would have > preferred to use ktadd right from the start, but the aforementioned > fears kept me away from using it). That's why you have to use -norandkey. That's what it does. By default, kadmin ktadd will randomize the key, but -norandkey extracts the existing key from the KDC. It's only available in kadmin.local, not in kadmin. If you know the password, you should also be able to create a keytab with ktutil, which I suspect is the path you were going down, but you will need to get the kvno and enctype correct when using add_entry. You should only need one entry with whatever enctype you want to use, though. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
