[OpenAFS] Re: Cron Jobs for "Regular" Users

Russ Allbery rra@stanford.edu
Thu, 28 Jan 2010 10:12:24 -0800


Holger Rauch <holger.rauch@empic.de> writes:

> I just did a "getprinc <princ_name>" and it told me that the user
> actually had *two* different (meaning different encryption types)
> keys.

Yes, it's normal for most principals to have multiple enctypes.

> Does that imply I would also have to add *both* keys from within ktutil
> for the newly generated keytab file?

ktadd -norandkey will do this automatically.  ktutil doesn't seem like the
right tool to use if you're using MIT Kerberos (it's the right tool to use
if you're using Heimdal).

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>