Sorry I didn't check the link, it was working some time ago fine. I think the only way to automate it is via the ldap interface to Active Directory ( at least I am not aware of any other easy way). You may be able to write a GSSAPI client server app to create the AD entry and fetch the keytab.
Regards Markus <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > Thanks a lot for the reply. I am trying to implement kerberos on an > embedded device. I used linux systems to understand interoperability > with windows. > > Tools like net ads join has other dependencies such as ldap. Since I am > trying for an embedded device, it looks like it is not feasible. Could > you please tell me if there are any other simple ways of doing it ? > > Also the link: > http://www.pppl.gov/~dperry/msktutil/ doesnt open :( > > - Sandy. > > Markus Moeller wrote: >> Instead of using ktpass on the kdc you can do all directly from the Unix >> system, by using tools like net ads join from samba. (Keep in mind that >> you >> need to authenticate to the kdc to create accounts and if you automate >> this >> completly (e.g. with a hardcoded password) the password will be known at >> some point and may compromise your overall security) >> >> See also my response from November >> http://mailman.mit.edu/pipermail/kerberos/2005-November/008836.html >> >> Markus >> >> <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] >> > Hi all, >> > >> > I am using windows 2003 Domain controller as KDC and I am using linux >> > machines. The steps what I have followed to make these linux machines >> > to use windows 2003 server are as follows: >> > 1. Configured windows 2003 as domain controller, added the linux >> > machines as users. >> > 2. Generated keytab files using ktpass tool. >> > 3. Tested the gss server and gss client communication. It works fine. >> > >> > I notice that I had to add the linux mahines as users, generate >> > seperate keytab files for each account and copy those on to the linux >> > machines. The problem is it requires as lot of manual stuffs to do. I >> > am looking in to how to automate this procedure. Could you please >> > suggest how to go about it ? Could you please let me know if this is >> > the standard method of doing it as of now ? Are there any other methods >> > ? I am really aiming at automating this procedure as it will be >> > difficult to configure non windows systems which act as application >> > servers and if they are large in number. >> > >> > Could you please let me know your suggestions ? >> > >> > - Sandy. >> > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
