We use an internally developed job-dispatching system, which is
implicitly built on Kerberos. Jobs are basically dispatched via “ssh
servername command”. Furthermore, the jobs need to access NFSv4
shares mounted with the “sec=krb5p” option. To facilitate this, the
ssh client and daemon need to
On Tue, Jul 1, 2014 at 9:34 AM, Matt Garman matthew.gar...@gmail.com
wrote:
As far as I can tell, re-creating the keytab
file causes the key version number (“KVNO”) to be incremented.
The standard way to deal with this problem is to keep both key version
numbers in the keytab file on the
On 07/01/2014 12:34 PM, Matt Garman wrote:
Nothing unusual or surprising so far. Now, let’s say that particular
slave server is rebuilt (OS wiped, re-installed, re-configured). Note
that the rebuilding process involves re-generating the host keytab
[...]
This is the destructive service