Sam Hartman <hartm...@debian.org> writes: > Nod. > I find I definitely use ktutil all the time, regardless of how I'm > getting keytabs.
> Even if I'm using samba or something to generate keytabs, I kind of > expect ktutil to be present when kinit is present. That's true -- I do the same. Particularly with Heimdal's ktutil. ktutil from either Kerberos source base can work with the other's keytabs, at least, although the interface is completely incompatible. That's what makes kadmin particularly problematic: if you're running an MIT Kerberos KDC, the Heimdal kadmin is not very useful, and if you're running a Heimdal KDC, the MIT kadmin is useless. This means that, on systems where I do want to use Heimdal kadmin, I have to install the Heimdal versions of every other command-line utility and uninstall all the MIT ones. That, in turn, means that I can't use klist and kinit with keyring caches or DIR caches any more, since Heimdal currently doesn't support them. So I have to choose between having a working kadmin and having MIT's ticket cache support, which is kind of frustrating. That's my primary motivation for wanting to have alternatives available for this so that I can coinstall both MIT and Heimdal clients, or otherwise have some way of installing Heimdal kadmin (and preferrably ktutil, which is much more useful than the MIT utility) while installing the other MIT command-line utilities. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
