Ahhh. I get it now. So basically this isn't possible today. Do you have
any insight into when we might see it?
On 06/26/2018 08:26 AM, Alexander Bokovoy wrote:
On ti, 26 kesä 2018, Bret Wortman wrote:
> My ktutil doesn't have "-s" as an option on addent -- is this a
> version-specific thing? I'm on C7 with krb5-workstation 1.15.1-8 and
> ipa-client 4.5.0-22.
I said this in the original answer:
-----------------------------------------------------------------------
However, ktutil only allows you to specify a salt manually since MIT
Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
CentOS yet.
-----------------------------------------------------------------------
>
>
> On 06/26/2018 07:30 AM, Alexander Bokovoy wrote:
>> On ti, 26 kesä 2018, Bret Wortman wrote:
>>> I found your post, but the paste you made was gone. You don't
>>> happen to still have that laying around, do you?
>> A script is attached. It may fail in some cases as salt is really a
>> random sequence of bytes that might need additional escaping in shell.
>>
>>
>>>
>>>
>>> On 06/26/2018 07:06 AM, Alexander Bokovoy wrote:
>>>> On ti, 26 kesä 2018, Bret Wortman via FreeIPA-users wrote:
>>>>> What's the correct way to create a user keytab? I had done this
>>>>> once about 3 years ago and got it working, but can't find my
>>>>> notes anywhere. I need to be able to do this in a script:
>>>>>
>>>>> kinit -k admin -t /root/keytab
>>>>>
>>>>> I've tried various approaches using ktutil and kadmin but
haven't
>>>>> had any success just yet.
>>>> Review archives of this mailing list for last month or so. I've
>>>> commented in some other thread. Basically, FreeIPA uses a random salt
>>>> for user principals. As result, if you need to create a keytab
>>>> manually
>>>> for a user account, you need to know which salt and kvno value to use
>>>> along with the password.
>>>>
>>>> However, ktutil only allows you to specify a salt manually since MIT
>>>> Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
>>>> CentOS yet.
>>>>
>>>
>>
>