Subject: kprop/kpropd should use KDB keytab
kprop and kpropd currently use a keytab to initiate and receive
authentications. Since they inherently require access to the KDB being
propagated, they could use the KDB keytab, just as kadmind does, in
order to simplify propagation setup.
Date: Mon, 23 Nov 2015 12:12:21 -0500 (EST)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Greg Hudson via RT <rt-comment@krbdev.MIT.EDU>
Subject: Re: [krbdev.mit.edu #8279] kprop/kpropd should use KDB keytab
RT-Send-Cc:
On Mon, 23 Nov 2015, Greg Hudson via RT wrote:

> kprop and kpropd currently use a keytab to initiate and receive
> authentications. Since they inherently require access to the KDB being
> propagated, they could use the KDB keytab, just as kadmind does, in
> order to simplify propagation setup.

Would this change the bootstrapping procedure noticeably?
[kaduk@MIT.EDU - Mon Nov 23 12:12:25 2015]:
> Would this change the bootstrapping procedure noticeably?

That's a good point. Although slaves could be initiated using a manual
dump/copy/load, the documentation currently initiates them using kprop,
which would not work if a KDB is required to receive authentication.