help-shishi

Re: Shishi


From: Simon Josefsson
Subject: Re: Shishi
Date: Wed, 08 Aug 2012 15:48:56 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

address@hidden writes:

> Hello,
>
> I need to create a service principal to test a Spring Kerberos application
> example.
>
> In this article
> http://blog.springsource.org/2009/09/28/spring-security-kerberos/, the
> author recommends typing the following commands to create the principal
> and add it to a keytab
>
> ktpass /out http-web.keytab /mapuser address@hidden /princ HTTP/address@hidden /pass *
>
>
> on Windows
>
> kadmin:  addprinc -randkey HTTP/web.springsource.com
> kadmin:  ktadd -k /http-web.keytab HTTP/web.springsource.com
>
> on Linux
>
>
> In Shishi, the equivalent of the first Linux command is, I guess,
>
> shisa -a SPRINGSOURCE.COM krbtgt/SPRINGSOURCE.COM HTTP/web.springsource.com 
>
>
> What is the equivalent of the second command (ktadd)?

You need to do it in two steps, first export the key from the KDC
database using 'shisa', for example:

shisa --dump --keys SPRINGSOURCE.COM HTTP/web.springsource.com > http-web-key.txt

keytab2shishi --reverse http-web-key.txt http-web.keytab

Possibly this functionality could be merged into shisa to make things
easier.

> How do I map the equivalent of the above keytab to the 
> http-web.springsource.com user?
>
> (address@hidden)

I'm not sure I understand this question.  Generally, you'll have to
configure the application to access the server keytab it needs.

/Simon
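
The two steps from the reply wrapped in a shell function, as an added example that is not part of the original message or of Shishi itself. `export_keytab` is a hypothetical helper name; it uses only the `shisa` and `keytab2shishi` invocations shown above, keeps the exported key material readable by its owner only, and deletes the intermediate text dump.

```sh
#!/bin/sh
# Added example: export_keytab is a hypothetical helper, not a Shishi tool.
# usage: export_keytab REALM PRINCIPAL OUTPUT_KEYTAB
# e.g.   export_keytab SPRINGSOURCE.COM HTTP/web.springsource.com http-web.keytab
export_keytab() (
    realm=$1 principal=$2 keytab=$3
    if [ -z "$realm" ] || [ -z "$principal" ] || [ -z "$keytab" ]; then
        echo "usage: export_keytab REALM PRINCIPAL KEYTAB" >&2
        exit 2
    fi
    # Refuse to overwrite: an existing keytab may hold other services' keys.
    if [ -e "$keytab" ]; then
        echo "refusing to overwrite $keytab" >&2
        exit 1
    fi

    umask 077   # everything created below is owner-only
    dump=$(mktemp "${TMPDIR:-/tmp}/shisa-key.XXXXXX") || exit 1
    status=0

    # Step 1: dump the principal's keys from the KDC database.
    shisa --dump --keys "$realm" "$principal" > "$dump" || status=$?
    if [ "$status" -eq 0 ] && [ ! -s "$dump" ]; then
        status=1   # an empty dump means no key was exported
    fi

    # Step 2: convert the Shishi text key into a keytab.
    if [ "$status" -eq 0 ]; then
        keytab2shishi --reverse "$dump" "$keytab" || status=$?
    fi

    # The text dump holds the service's long-term key; never leave it behind.
    rm -f "$dump"
    if [ "$status" -ne 0 ]; then
        rm -f "$keytab"
        echo "export failed (status $status)" >&2
        exit "$status"
    fi
    chmod 600 "$keytab"
)
```

The resulting keytab should then be owned by the account the application server runs as, since anyone who can read it can impersonate the service.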


