Hi everyone,
I'm trying to set up cross-realm authentication so that a user in realm
EXAMPLE.COM can access a service in HADOOP.COM. I've added a capaths
section to my krb5.conf for the same:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/va
Hi all,
I was wondering whether, in order to debug Kerberos issues on a production
machine, it would be a good idea to enable trace logging via KRB5_TRACE
for a small amount of time?
I have experimented with Kerberos trace logging in a test environment with
commands like kinit, kadmin, and other pr
Hi guys,
Kind of a noob question, but here it goes.
When I export a principal's key to a keytab file using the following
command:
ktadd -k keytabfile service/host@REALM
(1) Does the keytabfile contain the key in encrypted form or as plaintext?
(2) Is it possible to export the key in encrypted fo
Ah, I get it. It's much clearer now. Thanks guys!
On Jul 18, 2017 10:15 PM, "Russ Allbery" wrote:
> Greg Hudson writes:
> > On 07/18/2017 12:48 PM, pratyush parimal wrote:
>
> >> (2) Is it possible to export the key in encrypted form? If so, then how
PLE.COM KDC like so:
[capaths]
HADOOP.COM = {
EXAMPLE.COM = .
}
However, in practice I found that my setup works even without step (2). I'm
wondering if the "capaths" is deprecated or something? Or is it needed for
setups that are more complicated in s