On Fri, Aug 31, 2012 at 10:56 AM, Gary Gatling <[email protected]> wrote: >
> So will I still need to create a keytab for this account? Is there a good > faq on how to do that step if I know the account name and password? > The "best" way to create a keytab is to randomize the password and use kadmin to extract the keytab. If you have a heimdal kdc, you can extract the keytab w/o changing the password. The last time I looked the MIT code essentially randomized the password and updated the key when you created a keytab via the kadmin interface. If you have the MIT version of the ktutil command, you can use that to create a keytab if you know the password. However, you have to also know the key version number as well. ( kadmin should tell you this ) ktutil is kind of a weird interface, the command you want is add_entry. Exactly what you do depends if you need to keep the password for use by humans or not. Once you have a keytab, k5start should allow you to do all the things you need. - Booker C. Bense _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
