
Windows machine accounts and keytabs



Hello,

When configuring a Windows workstation to use a Heimdal KDC
(http://www.pdc.kth.se/heimdal/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC),
you issue the command ksetup /setmachpassword.
I have two questions about this command:

1) Where is this "machine password" stored in the system (the Windows
registry? SAM?)?

2) Is it possible to generate a host/hostname.example.com principal with
a random-key on the KDC, extract to a keytab, and import this keytab
into the workstation without having to enter a password?

Regards.

IT services
Universite Paris 4.


Hai Zaar wrote:
> On Dec 5, 2007 12:41 PM, Gabor Gombas <gombasg@sztaki.hu> wrote:
>> On Wed, Dec 05, 2007 at 11:23:31AM +0200, Hai Zaar wrote:
>>
>>> LinuxFromScratch guys once maintained patch to add FHS compliance for
>>> heimdal. I've ported it to 1.0.1.
>> The patch is wrong because it just hides the problem instead of fixing
>> it. The bug is that the code does not honour the --localstatedir=...
>> option of configure. The real fix would be to use the $localstatedir
>> value from configure everywhere instead of a hard-coded value. That way
>> everyone can decide if he wants FHS-compliance or not at configure time.
> 
> OK, here is the thing - "/var" is hardcoded twice - as "/var/heimdal"
> and "/var/run".
> @localstatedir@ usually denotes "/var"-like location. Now, while
> @localstatedir@/run looks sane, @localstatedir@/lib/@PACKAGE_NAME@ will
> lead you back to /var/lib/heimdal, which probably makes (Solaris?)
> people unhappy.
> Should we add something like "--with-dbdir=" switch?
> 
> I will implement the fix, as long as we all are happy with design.
>