On Tue, 26 Jun 2018, Bret Wortman wrote:
> I found your post, but the paste you made was gone. You don't happen
> to still have that laying around, do you?

A script is attached. It may fail in some cases as salt is really a
random sequence of bytes that might need additional escaping in shell.

On 06/26/2018 07:06 AM, Alexander Bokovoy wrote:
>On Tue, 26 Jun 2018, Bret Wortman via FreeIPA-users wrote:
>>What's the correct way to create a user keytab? I had done this
>>once about 3 years ago and got it working, but can't find my notes
>>anywhere. I need to be able to do this in a script:
>>
>> kinit -k admin -t /root/keytab
>>
>>I've tried various approaches using ktutil and kadmin but haven't
>>had any success just yet.
>Review archives of this mailing list for last month or so. I've
>commented in some other thread. Basically, FreeIPA uses a random salt
>for user principals. As a result, if you need to create a keytab manually
>for a user account, you need to know which salt and kvno value to use
>along with the password.
>
>However, ktutil only allows you to specify a salt manually since MIT
>Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
>CentOS yet.
>
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
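
The following is an added example, not the script attached to the original message: it builds the ktutil `addent` command with an explicit salt and kvno (the `-s` option, MIT Kerberos 1.16 or later) and refuses any salt that would need escaping instead of guessing at it. The function names, the `EXAMPLE.TEST` realm and the sample values are assumptions; the salt, kvno and enctype must already be known for the account.

```shell
#!/bin/sh
# Added example. Function names and sample values are hypothetical.

# Print the ktutil "addent" line for a password-derived key with an
# explicit salt (-s needs MIT Kerberos 1.16+). printf passes the values
# through the shell untouched, but ktutil parses the line again, so any
# value outside a conservative character set is refused, not guessed at.
ktutil_addent() {
    princ=$1 kvno=$2 enctype=$3 salt=$4
    case $kvno in
        ''|*[!0-9]*) echo "kvno must be a decimal number" >&2; return 2 ;;
    esac
    for v in "$princ" "$enctype" "$salt"; do
        case $v in
            ''|*[!A-Za-z0-9@._/:+=-]*)
                echo "empty value or value that needs escaping" >&2; return 3 ;;
        esac
    done
    printf 'addent -password -p %s -k %s -e %s -s %s\n' \
        "$princ" "$kvno" "$enctype" "$salt"
}

# Write the keytab. The password comes from stdin, never from argv, so it
# is not visible in the process list.
make_user_keytab() {
    keytab=$5
    line=$(ktutil_addent "$1" "$2" "$3" "$4") || return
    case $keytab in
        ''|*[!A-Za-z0-9._/-]*) echo "unsafe keytab path" >&2; return 3 ;;
    esac
    IFS= read -r password || return
    (
        umask 077   # a keytab holds long-term keys: owner-only
        printf '%s\n%s\nwkt %s\nquit\n' "$line" "$password" "$keytab" | ktutil
    )
}

# Usage (constructed values; the salt and kvno must match the KDC's):
#   make_user_keytab admin@EXAMPLE.TEST 3 aes256-cts-hmac-sha1-96 \
#       "$salt" /root/keytab
#   klist -kte /root/keytab && kinit -k admin -t /root/keytab
```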