On 2006-05-04 03:38:27 -0400, "Richard E. Silverman" <[EMAIL PROTECTED]> said:
>>>>>> "SL" == Scott Lowe <[EMAIL PROTECTED]> writes: > > SL> Yesterday, however, I was able to successfully authenticate via > SL> Kerberos from VMware ESX Server 2.5.3 (the console operating > SL> system is Linux-based) *without* generating a keytab. This seems > SL> to fly in the face of all the information and instructions I've > SL> seen. > > SL> So, I'm curious...any thoughts as to why this worked? > > A keytab is needed for a host on which a kerberized service runs; it holds > the service princpal's secret key, which the service software needs. > > You don't need anything special on a host to allow someone to "kinit" on > it. The only secret needed is your password. OK, that makes sense, since in this instance the "server" (let's say, a non-Kerberized SSH daemon) is strictly a Kerberos client talking through pam_krb5. In that instance, since it is not the one talking Kerberos directly to all other systems involved (I'm hesitant to keep using the terms "client" and "server" here), then a keytab would typically not be necessary. -- Regards, Scott Lowe ePlus Technology, Inc. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos