>answered, so I'm going to ask: the keytab folder in the MIT source code
>is only needed for application servers or KDCs, right? There's no need
Think of the keytab file as of a file that contains a password, and
remember that "both sides" need to prove who they are in a kerberised
world.
As long as some user runs kinit interactively, there is no need for a
keytab. On the other hand, you need a keytab for any program that runs
automatically, and wants to communicate with other programs. This includes
all network services, but may also include some cron jobs that you want to
run.
For instance, you could have automated backup routine, with central server
and clients on all the PCs. If this service is kerberised, you will need a
keytab on every client.
Btw, you can have more than one keytab file, each readible only by the
user (service) that owns it.
regards
Denis
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
