[Freeipa-users] Windows client logon

Simo Sorce simo at redhat.com
Fri Sep 16 13:35:37 UTC 2011


On Fri, 2011-09-16 at 09:31 -0400, Jimmy wrote:
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -k krb5.keytab -P   [entering into the main keytab /etc/krb5.keytab]
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -k krb5.keytab.sys1 -P   [entering into a new keytab krb5.keytab.sys1]
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e aes256-cts-hmac-sha1-96 -k krb5.keytab -P
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e aes128-cts-hmac-sha1-96 -k krb5.keytab -P
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e aes256-cts-hmac-sha1-96 -k krb5.keytab.sys1 -P
> ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e aes128-cts-hmac-sha1-96 -k krb5.keytab.sys1 -P
> 

This is not how it works.
You must define all types in one single go.
Every time you invoke ipa-getkeytab for a principal you are discarding
any previous key in the KDC, and only the last one is available.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
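
Added example (not part of the original message and not FreeIPA's own code): a check over `klist -ke` output that flags keytab entries left behind by earlier ipa-getkeytab runs, the keys the reply above says the KDC has discarded. The klist listing, principal and realm are constructed, and the check assumes each run raises the key version number (kvno) by one.

```shell
#!/bin/sh
# One call that requests both enctypes in a single go (not run here;
# SERVER and PRINCIPAL are placeholders):
#   ipa-getkeytab -s SERVER -p PRINCIPAL \
#     -e aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 -k /etc/krb5.keytab -P

# Constructed `klist -ke` listing for a keytab appended to by three separate
# ipa-getkeytab runs (assumption: each run raised the kvno by one).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/client.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   1 host/client.example.test@EXAMPLE.TEST (aes128-cts-hmac-sha1-96)
   2 host/client.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   3 host/client.example.test@EXAMPLE.TEST (aes128-cts-hmac-sha1-96)
EOF
}

# Read `klist -ke` output on stdin and print one line per entry:
#   STALE|CURRENT kvno principal enctype
# An entry is CURRENT only if it carries the highest kvno seen for its
# principal; lower kvnos belong to keys replaced by a later run.
classify_keys() {
  awk '
    $1 ~ /^[0-9]+$/ && NF >= 3 {
      n++; kv[n] = $1 + 0; pr[n] = $2
      e = $3; gsub(/[()]/, "", e); en[n] = e
      if (kv[n] > max[pr[n]]) max[pr[n]] = kv[n]
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s %d %s %s\n", (kv[i] < max[pr[i]] ? "STALE" : "CURRENT"), kv[i], pr[i], en[i]
    }'
}

# Comma-separated enctypes still usable for one principal.
# usage: current_enctypes PRINCIPAL < klist-output
current_enctypes() {
  classify_keys | awk -v p="$1" '
    $1 == "CURRENT" && $3 == p { printf "%s%s", s, $4; s = "," }
    END { print "" }'
}

sample_klist | classify_keys
```

On a real host, pipe `klist -ke /etc/krb5.keytab` into `classify_keys`; any STALE line means the keytab was built up over several runs instead of one.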



