If your goal was to have a admin.kt to run script from cron,
maybe the best choice it to create a cronadmin/admin
and give it admin privilages.
Then create its keytab using ktadd. Yoiu can then change it
as needed, and still have you admin/admin.
Greg Hudson wrote:
> On Fri, 2009-08-14 at 14:18 -
On Fri, 2009-08-14 at 14:18 -0400, Jeff Blaine wrote:
> > If so look at the ktutil addent
> > It does not have to change the KDC database.
> Thank you. That works as I wanted. I probably knew this
> at some point but forgot.
A small caveat: ktutil addent doesn't contact the KDC and thus doesn't
>>> % sudo kadmin -p admin/admin
>>> Authenticating as principal admin/admin with password.
>>> Password for admin/ad...@foo.com:
>>> kadmin: ktadd -k admin.kt admin/admin
>
> You are creating a keytab to be used as the admin?
> with a random password?
>
> I think you are trying to create a keyt
Shumon Huque writes:
> This won't work. ktadd creates a new random key everytime it
> is invoked, thus destroying your earlier password derived
> key. The manpage says:
> ktadd [-k keytab] [-q] [-e keysaltlist]
> [principal | -glob princ-exp] [...]
> Adds a principal or
On Fri, Aug 14, 2009 at 11:26:22AM -0400, Jeff Blaine wrote:
> Goofy :/
>
> I wonder how people script kadmin queries with MIT-krb5.
>
> You know, like, setting every principal's password expiration.
Can't you use "kadmin -k -t /path/to/keytab .."?
It also has "-w password" thus exposing the pa
Goofy :/
I wonder how people script kadmin queries with MIT-krb5.
You know, like, setting every principal's password expiration.
Shumon Huque wrote:
> On Fri, Aug 14, 2009 at 10:55:47AM -0400, Jeff Blaine wrote:
>> Again, I must really not understand something. This
>> principal's password is g
Shumon Huque wrote:
> On Fri, Aug 14, 2009 at 10:55:47AM -0400, Jeff Blaine wrote:
>> Again, I must really not understand something. This
>> principal's password is getting trashed after I use
>> ktadd
>>
>> % sudo kadmin -p admin/admin
>> Authenticating as principal admin/admin with password.
>
On Fri, Aug 14, 2009 at 10:55:47AM -0400, Jeff Blaine wrote:
> Again, I must really not understand something. This
> principal's password is getting trashed after I use
> ktadd
>
> % sudo kadmin -p admin/admin
> Authenticating as principal admin/admin with password.
> Password for admin/ad...@foo
Again, I must really not understand something. This
principal's password is getting trashed after I use
ktadd
% sudo kadmin -p admin/admin
Authenticating as principal admin/admin with password.
Password for admin/ad...@foo.com:
kadmin: ktadd -k admin.kt admin/admin
Entry for principal admin/admi