Reputation: 10605
I am on Linux and I have a Java web application container set up with Kerberos. I need this Java web application container set up so that it can authenticate with an IIS server protected by SiteMinder + Kerberos.
So on Windows, I have generated a keytab file using:
ktpass -out serviceaccount.keytab -princ [email protected] -mapUser serviceaccount -mapOp set -pass YOUR_PASSWORD -crypto ALL -pType KRB5_NT_PRINCIPAL
So that gives me serviceaccount.keytab. Great.
But what about on Linux? Can I just use this keytab file that was generated? Or do I have to run this process again? Something like:
ktutil
addent -password -p [email protected] -k 1 -e RC4-HMAC
- it will ask you for password of serviceaccount -
wkt serviceaccount.keytab
q
Is the keytab file generated on Windows platform independent? Or does one need to generate it again using Linux ktutil?
Upvotes: 1
Views: 1908
Reputation: 14939
There are a couple of flavors of Kerberos client tools.
Most common is MIT Kerberos, another one is Heimdal.
I haven't seen Heimdal being used anywhere on our Linux servers, but I know other folks are using it.
For example, when you install the krb5-workstation yum package, that will bring MIT Kerberos and not Heimdal.
As long as you use the same flavor of Kerberos tools, a keytab generated on Windows will work the same on Linux, and vice versa.
Upvotes: 2
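The question is whether a keytab depends on the tool that wrote it. As an added example (not part of the original posts), the Python below reads the MIT keytab file layout, version 0x0502, and lists each entry's principal, kvno and enctype, so the ktpass and ktutil outputs can be compared field by field. The function names, the principal HTTP/web.example.test@EXAMPLE.TEST and the sample bytes are constructed for illustration, and it assumes the file uses the 0x0502 layout.

```python
import struct

# Kerberos enctype numbers for the types ktpass/ktutil commonly emit.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def parse_entry(rec):                   # one record -> (principal, kvno, enctype name)
    off = 0
    def take(fmt):                      # read one big-endian field and advance
        nonlocal off
        (val,) = struct.unpack_from(fmt, rec, off)
        off += struct.calcsize(fmt)
        return val
    counted = lambda: take(">%ds" % take(">H"))   # 16-bit length, then bytes
    ncomp = take(">H")
    realm = counted().decode()
    comps = [counted().decode() for _ in range(ncomp)]
    take(">I"); take(">I")              # name type and timestamp, unused here
    kvno, etype = take(">B"), take(">H")
    counted()                           # key bytes: skipped, never returned
    if len(rec) - off >= 4:             # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I") or kvno
    return "/".join(comps) + "@" + realm, kvno, ENCTYPES.get(etype, "etype-%d" % etype)

def parse_keytab(data):
    """List the entries of a version 0x0502 (big-endian) keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                   # zero length: treated here as end of entries
            break
        if size < 0:                    # negative length marks a deleted slot
            pos -= size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab entry")
        entries.append(parse_entry(data[pos:pos + size]))
        pos += size
    return entries

def sample_record(etype, kvno, key):    # builds a CONSTRUCTED record for the demo
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.TEST") + cs(b"HTTP") + cs(b"web.example.test")
            + struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + sample_record(23, 3, bytes(16)) + struct.pack(">i", -8) + bytes(8)
          + sample_record(18, 300, bytes(32)))
```

To inspect a real file, pass its bytes to `parse_keytab`, for example `parse_keytab(open("serviceaccount.keytab", "rb").read())`. The parser never returns key material, only the metadata needed to compare two keytabs.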