-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wachdorf, Daniel R wrote:

| We currently have a large Kerberos infrastructure in place. As part of
| this we have Kerberized SSH in place. We have created a tool to create
| computer type accounts in Active Directory. We set the userPrincipalName
| to host/HOSTNAME@REALM and the servicePrincipalName to host/HOSTNAME.
| (This seems to function much like the "net ads join" command.) We then
| set the password for the computer and write out a Kerberos keytab file
| to /etc/krb5.keytab to allow Kerberos authentication with SSH.
|
| The "net ads join" command doesn't seem to create a keytab, but rather
| creates the secrets.tdb file which appears to store the password used to
| create the computer account.

Keytab support was added around Samba 3.0.5 or so. See
'use kerberos keytab' in smb.conf(5).

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCL1qRIR7qMdg1EfYRAlQQAJ9yvdvZTcN4VeyyxxY13k xG19a1NwCgrnQc
Sw7kPGYO8aJgGOtBafZc5/g=
=nrOZ
-----END PGP SIGNATURE-----