[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ktutil and afs-KeyFile

To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Subject: Re: ktutil and afs-KeyFile
From: Ronny Blomme <Ronny.Blomme@elis.ugent.be>
Date: Fri, 11 May 2007 18:20:59 +0200
In-Reply-To: <C4A5DB4E-EF1F-4CDF-9923-F7B76A8B13A0@ece.cmu.edu>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <200705102051.31858.Ronny.Blomme@elis.ugent.be> <C4A5DB4E-EF1F-4CDF-9923-F7B76A8B13A0@ece.cmu.edu>
Reply-To: heimdal-discuss@sics.se, Ronny Blomme <Ronny.Blomme@elis.ugent.be>
Resent-Date: Fri, 11 May 2007 18:45:58 +0200
Resent-From: Ronny Blomme <Ronny.Blomme@elis.ugent.be>
Resent-Message-ID: <200705111845.58021.Ronny.Blomme@elis.ugent.be>
Resent-To: heimdal-discuss@sics.se
User-Agent: KMail/1.9.3

Maybe it's better to display the default realm name.

In the case where the afs cellname is not the same as the realm name, one has 
to create /usr/afs/etc/krb.conf  (or link it to /etc/krb.conf). krb.conf 
contains the realm name, /usr/afs/etc/ThisCell contains the cell name.
Maybe this information should be added to the afs info on 
http://www.h5l.se/manual/HEAD/info/heimdal.html#Cross-realm

Kind Regards

On Thursday 10 May 2007 21:11, you wrote:
> 
> On May 10, 2007, at 14:51 , Ronny Blomme wrote:
> 
> > I want to check if the KeyFile realy contains the key for
> > afs@REALM.ELIS.UGENT.BE:
> >
> > # ktutil copy AFSKEYFILE:/usr/afs/etc/KeyFile FILE:/tmp/afs.keytab
> > # ktutil -k /tmp/afs.keytab list
> > /tmp/afs.keytab:
> > Vno  Type         Principal
> >   1  des-cbc-md5  afs/elis.ugent.be@ELIS.UGENT.BE
> >
> > This is the wrong principal!
> 
> The KeyFile doesn't actually store a principal; it stores raw keys,  
> indexed by kvno.  ktutil fakes a standard principal name for display.
> 

-- 
Ronny Blomme - http://www.elis.UGent.be/RonnyBlomme

***********************************************************************
This e-mail and/or its attachments may contain confidential information.
It is intended solely for the intended addressee(s). Any use of the
information contained herein by other persons is prohibited.
Both IMEC vzw and Ghent University do not accept any liability for the
contents of this mail and/or its attachments.

PGP signature

References:
- ktutil and afs-KeyFile
  - From: Ronny Blomme <Ronny.Blomme@elis.ugent.be>
- Re: ktutil and afs-KeyFile
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

Prev by Date: AFS and Kerberos workshop 2007 (SLAC)
Next by Date: Important Notice From ActionAid International!
Prev by thread: Re: ktutil and afs-KeyFile
Next by thread: AFS and Kerberos workshop 2007 (SLAC)
Index(es):
- Date
- Thread