On 05/14/2018 01:29 PM, Alexander Bokovoy wrote:
Talking with Simo, we realized that since we are using random salt for
all IPA principals, you need to know the salt when creating a keytab
entry. You only can retrieve that via KRB5_TRACE for kinit like I did in
https://paste.fedoraproject.org/paste/KPt2PbYsdluhAJcVLdQjBg but since
salt is random, it may have characters that aren't clean for a shell
use, so your scripting mileage may vary.
Thanks a lot! That is helpful. However man page for ktutil has no word
for salt:
add_entry
add_entry {-key|-password} -p principal -k kvno -e enctype
and attempt to add -s option results in invalid usage error.
usage: addent (-key | -password) -p principal -k kvno -e enctype
$ rpm -qf /usr/bin/ktutil
krb5-workstation-1.15.1-8.el7.x86_64
--
Josh.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
