0

When we try to connect to the Ticket Granting Server, we have to create the authenticator and also send the service to which we are trying to connect. My question is: do we manually create the authenticator and type in the service, or is it an automated process (when we log in, the machine will connect to that service only)?

Raj Sharma

1 Answer

0

For example:

A user needs to log in using kinit username/username to access a service at a particular host. It will ask for your password, and if the credentials match, you will get access to the service. This is the perspective from the user side.

But from the admin side, he/she needs to generate keytab files for both hosts and services and copy them to the host where the services are present. Also, all the users accessing the system should be generated in the KDC database. We can also pull users from Active Directory.

For more info: http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/install_kdc.html

Sharan
  • Okay. So if I have a Kerberos realm with many services, is it predefined by the administrator what service I can access, or will I have to send a message to the TGS requesting the service manually? – Raj Sharma Jun 14 '16 at 06:43
  • You cannot request a particular service. All the principals for the services are generated by the administrator. – Sharan Jun 14 '16 at 19:22
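
A simplified model of the TGS exchange the question describes, added here as an illustration (not code from the posts above or from MIT Kerberos): the client library builds the authenticator on each request, and the application only names the service principal. The `seal`/`unseal` toy cipher, the class names, the random client key standing in for a password-derived key, and the principals used with it are assumptions; real Kerberos uses its own encryption types and ASN.1 messages.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # SHA-256 counter keystream: a toy stand-in for a real Kerberos enctype
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}   # principal -> long-term key
    def add_principal(self, name):               # admin side: principal + keytab key
        self.keys[name] = os.urandom(32)
        return self.keys[name]
    def as_exchange(self, client):               # what kinit triggers
        sk = os.urandom(32).hex()
        return (seal(self.keys["krbtgt"], {"client": client, "key": sk}),
                seal(self.keys[client], {"key": sk}))
    def tgs_exchange(self, tgt, authenticator, service):
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"] or abs(time.time() - a["ts"]) > 300:
            raise ValueError("authenticator rejected")
        if service not in self.keys:
            raise KeyError("service principal not in KDC database")
        sk = os.urandom(32).hex()
        return (seal(self.keys[service], {"client": t["client"], "key": sk}),
                seal(bytes.fromhex(t["key"]), {"key": sk}))

class ClientLibrary:
    def __init__(self, kdc, name, key):
        self.kdc, self.name, self.key = kdc, name, key
    def kinit(self):
        self.tgt, enc = self.kdc.as_exchange(self.name)
        self.tgs_key = bytes.fromhex(unseal(self.key, enc)["key"])
    def get_service_ticket(self, service):
        # Built by the library on every request; the user never types it
        auth = seal(self.tgs_key, {"client": self.name, "ts": time.time()})
        ticket, enc = self.kdc.tgs_exchange(self.tgt, auth, service)
        return ticket, bytes.fromhex(unseal(self.tgs_key, enc)["key"])
```

Only the service, holding its keytab key, can open the returned ticket and recover the same session key the client received.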