[OmniOS-discuss] Backup CIFS Server
Michael Rasmussen
mir at miras.org
Tue May 31 17:40:58 UTC 2016
On Tue, 31 May 2016 11:33:22 -0400
Steven Ford <sford123 at ibbr.umd.edu> wrote:
>
> Should I somehow configure them to have the same kerberos keys? Is there a
> way to dumb down kerberos to behave like it used to? Would it be a bad idea
> to dumb down kerberos in this way?
>
On windows you use ktpass.exe to generate keytab files:
https://technet.microsoft.com/en-us/library/cc753771(v=ws.11).aspx
Check parameter /out
On Unix like systems the command is ktutil:
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/admin_commands/ktutil.html
The generated keytab file can be distributed to any number of hosts and
enables the beholder of the keytab to create a security context with
the AD without username and password either as a client or a server so
you should keep safe.
Typical client use: To get a service token (identify and authorize) to
a server/service.
Typical server use: To verify and validate service tokens from clients.
--
Hilsen/Regards
Michael Rasmussen
Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
There are only two kinds of tequila. Good and better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://omniosce.org/ml-archive/attachments/20160531/465d5410/attachment-0001.bin>
More information about the OmniOS-discuss
mailing list