Re: Shishi
From: Simon Josefsson
Subject: Re: Shishi
Date: Wed, 08 Aug 2012 15:48:56 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

address@hidden writes:
> Hello,
>
> I need to create a service principal to test a Spring Kerberos application
> example.
>
> In this article
> http://blog.springsource.org/2009/09/28/spring-security-kerberos/, the
> author recommends
> typing the following commands to create the principal and add it to a keytab
>
> ktpass /out http-web.keytab /mapuser
> address@hidden /princ
> HTTP/address@hidden /pass *
>
>
> on Windows
>
> kadmin: addprinc -randkey HTTP/web.springsource.com
> kadmin: ktadd -k /http-web.keytab HTTP/web.springsource.com
>
> on Linux
>
>
> In Shishi, the equivalent of the first Linux command, is, I guess,
>
> shisa -a SPRINGSOURCE.COM krbtgt/SPRINGSOURCE.COM HTTP/web.springsource.com
>
>
> What is the equivalent of the second command (ktadd)?

You need to do it in two steps, first export the key from the KDC
database using 'shisa', for example:

  shisa --dump --keys SPRINGSOURCE.COM HTTP/web.springsource.com > http-web-key.txt
  keytab2shishi --reverse http-web-key.txt http-web.keytab

Possibly this functionality could be merged into shisa to make things
easier.

> How do I map the equivalent of the above keytab to the
> http-web.springsource.com user?
>
> (address@hidden)
I'm not sure I understand this question. Generally, you'll have to
configure the application to access the server keytab it needs.
/Simon