Multiple host names in a single Kerberos keytab

19 November, 2008 (14:33) |

If you are running a clustered service with Kerberos, you may want to merge the per-host keytab files into one file for simpler distribution.

  • Create host and service principals.
kadmin:  addprinc -randkey host/node1.corp.intranet.lan
kadmin:  addprinc -randkey host/node2.corp.intranet.lan
kadmin:  addprinc -randkey host/node3.corp.intranet.lan
kadmin:  addprinc -randkey host/node4.corp.intranet.lan
kadmin:  addprinc -randkey host/node5.corp.intranet.lan
kadmin:  addprinc -randkey host/node6.corp.intranet.lan
kadmin:  addprinc -randkey host/node7.corp.intranet.lan
kadmin:  addprinc -randkey host/node8.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node1.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node2.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node3.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node4.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node5.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node6.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node7.corp.intranet.lan
kadmin:  addprinc -randkey HTTP/node8.corp.intranet.lan

  • Save them all to a single file (cluster.keytab).
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node1.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node2.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node3.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node4.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node5.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node6.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node7.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab host/node8.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node1.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node2.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node3.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node4.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node5.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node6.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node7.corp.intranet.lan
kadmin:  ktadd -k /etc/httpd/cluster.keytab HTTP/node8.corp.intranet.lan

  • As an alternative, you can use the ktutil command if you already have a bunch of keytab files.
ktutil:  rkt /etc/krb5/node1.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node2.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node3.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node4.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node5.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node6.corp.intranet.lan.keytab
ktutil:  rkt /etc/krb5/node7.corp.intranet.lan.keytab
ktutil:  wkt /etc/cluster.keytab
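Before handing a merged keytab to every node, it is worth checking that it really contains a host/ and HTTP/ key for each member of the cluster; klist -kt /etc/cluster.keytab lists the entries, and the script below does the same check offline. It is an added example, not code from the original post: it parses the MIT keytab layout (format 0x0502), and the realm name CORP.INTRANET.LAN, the enctype and the key bytes of the embedded sample are constructed. The sample deliberately mirrors a ktutil session that read in node1 through node7 only, so the check reports node8 as missing.

```python
"""Check that a merged Kerberos keytab (MIT format 0x0502) covers every
host/ and HTTP/ principal of a cluster before it is distributed.
Added example, not from the original post. Assumed: realm name, enctype
and the dummy key bytes are constructed; a real file comes from ktadd/wkt."""
import struct
from collections import namedtuple

KeytabEntry = namedtuple("KeytabEntry", "principal kvno enctype key timestamp")

REALM = "CORP.INTRANET.LAN"                 # assumed realm for the hostnames in the post
NODES = ["node%d.corp.intranet.lan" % i for i in range(1, 9)]
SERVICES = ["host", "HTTP"]
AES128_CTS_HMAC_SHA1_96 = 17                # enctype number from RFC 3962


def _octets(buf, pos):
    """Read a 16-bit-length-prefixed octet string at pos; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n


def parse_keytab(data):
    """Parse keytab bytes into KeytabEntry tuples (same layout klist -kt reads)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version %r" % data[:2])
    off, entries = 2, []
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:                        # negative size marks a deleted slot
            off += -size
            continue
        if size == 0:
            break
        body, pos = data[off:off + size], 0
        (ncomp,) = struct.unpack_from(">H", body, pos); pos += 2
        realm, pos = _octets(body, pos)    # v2 stores the realm before the components
        comps = []
        for _ in range(ncomp):
            comp, pos = _octets(body, pos)
            comps.append(comp.decode())
        _name_type, timestamp, vno8 = struct.unpack_from(">IIB", body, pos); pos += 9
        enctype, keylen = struct.unpack_from(">HH", body, pos); pos += 4
        key = body[pos:pos + keylen]; pos += keylen
        kvno = vno8
        if pos + 4 <= len(body):            # optional 32-bit kvno overrides the 8-bit one
            (kvno32,) = struct.unpack_from(">I", body, pos)
            if kvno32:
                kvno = kvno32
        principal = "/".join(comps) + "@" + realm.decode()
        entries.append(KeytabEntry(principal, kvno, enctype, key, timestamp))
        off += size
    return entries


def build_keytab(entries):
    """Serialize KeytabEntry tuples to format 0x0502; used here to construct a sample."""
    out = bytearray(b"\x05\x02")
    for e in entries:
        name, realm = e.principal.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps))
        body += struct.pack(">H", len(realm)) + realm.encode()
        for comp in comps:
            body += struct.pack(">H", len(comp)) + comp.encode()
        body += struct.pack(">IIB", 1, e.timestamp, e.kvno & 0xFF)   # name type 1 = NT-PRINCIPAL
        body += struct.pack(">HH", e.enctype, len(e.key)) + e.key
        body += struct.pack(">I", e.kvno)
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def missing_principals(entries, nodes, services, realm):
    """Return the expected service/host principals that the keytab does not contain."""
    have = {e.principal for e in entries}
    want = {"%s/%s@%s" % (svc, node, realm) for node in nodes for svc in services}
    return sorted(want - have)


def _sample_entries():
    # Constructed sample mirroring a ktutil session that read node1..node7 only.
    entries = []
    for i, node in enumerate(NODES[:7], start=1):
        for svc in SERVICES:
            key = bytes([i]) * 16            # dummy key material, NOT a real key
            entries.append(KeytabEntry("%s/%s@%s" % (svc, node, REALM),
                                       2, AES128_CTS_HMAC_SHA1_96, key, 1227100000))
    return entries


SAMPLE_KEYTAB = build_keytab(_sample_entries())

if __name__ == "__main__":
    # With a real file: entries = parse_keytab(open("/etc/cluster.keytab", "rb").read())
    entries = parse_keytab(SAMPLE_KEYTAB)
    for e in entries:
        print("kvno %d  enctype %d  %s" % (e.kvno, e.enctype, e.principal))
    for p in missing_principals(entries, NODES, SERVICES, REALM):
        print("MISSING:", p)
```

Run against the real /etc/cluster.keytab after the wkt step; an empty MISSING list means every node can accept tickets for both its host and HTTP service, and the kvno column shows whether an old key version slipped in from a stale per-host keytab.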

Voila.

Comments

Comment from Alexander Boström
Date: November 19, 2008, 14:52

Gaaaaaah!
