On 05/14/2018 01:29 PM, Alexander Bokovoy wrote:
Talking with Simo, we realized that since we are using random salt
for
all IPA principals, you need to know the salt when creating a keytab
entry. You only can retrieve that via KRB5_TRACE for kinit like I did in
https://paste.fedoraproject.org/paste/KPt2PbYsdluhAJcVLdQjBg but since
salt is random, it may have characters that aren't clean for a shell
use, so your scripting mileage may vary.
Thanks a lot! That is helpful. However
man page for ktutil has no word
for salt:
add_entry
add_entry {-key|-password} -p principal -k kvno -e enctype
and attempt to add -s option results in invalid usage error.
usage: addent (-key | -password) -p principal -k kvno -e enctype
$ rpm -qf /usr/bin/ktutil
krb5-workstation-1.15.1-8.el7.x86_64
--
Josh.