[OpenAFS] Odd question: KeyFile vs keytab

Russ Allbery rra@stanford.edu
Fri, 01 Sep 2006 15:05:28 -0700

Jeffrey Altman <jaltman@secure-endpoints.com> writes:
> John Rudd wrote:

>> b) is there a way to reverse the asetkey operation, effectively
>> creating a keytab from a KeyFile?  And then I could use ktutil to
>> convert it to a krb5 keytab, and then run the OpenAFS version of
>> asetkey?

> asetkey takes a Kerberos 5 key and stores it in the AFS KeyFile.

I think that's only the second half of what John asked.  Given the answer
to (a), the answer to the first half of (b) is probably academic, but for
the record the answer is that I believe Heimdal's ktutil does support this
but I don't believe MIT's ktutil does.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>