Reputation: 10605
Can you use a keytab generated on Windows from Linux?
I am on Linux and I have a java web application container setup with kerberos. I need this java web application container setup so that it can authenticate with an IIS server protected by siteminder + kerberos.
So on Windows, I have generated a keytab file using
ktpass -out serviceaccount.keytab -princ [email protected] -mapUser serviceaccount -mapOp set -pass YOUR_PASSWORD -crypto ALL -pType KRB5_NT_PRINCIPAL
So that gives me serviceaccount.keytab. Great.
But what about on Linux? Can I just use this keytab file that was generated? Or do I have to run this process again. Something like:
ktutil
addent -password -p [email protected] -k 1 -e RC4-HMAC
- it will ask you for password of serviceaccount -
wkt serviceaccount.keytab
q
Is the keytab file generated on Windows platform independent? Or does one need to generate it again using linux ktutil?
Upvotes: 1
Views: 1908
Answers (1)
Reputation: 14939
There are a couple of flavors of Kerberos client tools.
Most common is MIT Kerberos, another one is Heimdal.
I haven't seen Heimdal being used anywhere on our Linux servers, but I know other folks are using it.
For example, when you install krb5-workstation yum package, that will bring MIT Kerberos and not Heimdal.
As long as you use the same flavor of Kerberos tools, keytab generated on Windows will work the same on Linux, and vice versa.
Upvotes: 2
Related Questions
- Script Kerberos Ktutil to make keytabs
- Windows AD and Its Key tab File
- Creating a keytab to use with kinit in Windows
- What goes on when using kinit with a keytab file
- What is needed to generate kerberos keytab file on windows?
- Can I generate my own keytab programmatically in Java?
- creating keytab to automate scripts
- Has keytab got a lifetime?
- How do I create a .keytab from Active Directory for Tomcat on Linux?
- Linux keytab file for authentication