removal of kadm5.keytab [PSARC/2008/358 FastTrack timeout 06/10/2008]
James Carlson
James.D.Carlson at sun.com
Tue Jun 3 06:49:54 PDT 2008
Mark Phalan writes:
>
> On Tue, 2008-06-03 at 09:28 -0400, James Carlson wrote:
> > Wyllys Ingersoll writes:
> > > With the latest resync of Kerberos with MIT Kerberos 1.6.3 (in
> > > progress) kadmind(1M) reads the keys it needs directly from the
> > > Kerberos database. Prior to this a keytab file had to be populated
> > > with the keys kadmind required. By default this file was located at
> > > /etc/krb5/kadm5.keytab.
> >
> > Is there anything that the administrator needs to do to make the new
> > scheme work? Do the existing keys need to be transferred out of that
> > file somehow?
>
> The administrator doesn't need to do anything. The keytab will just no
> longer be used - instead the keys will be directly read from the
> kerberos db.
> The administrator may want to delete that file (as its no longer used)
> but that isn't necessary.
OK. Perhaps the file should be deleted on system upgrade, so that the
user doesn't try to do something silly, like modify the file and
expect it to do something.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the opensolaris-arc
mailing list