Subject: Re: Heimdal vs. MIT question
To: NetBSD Users <netbsd-users@NetBSD.org>
From: Tillman Hodgson <tillman@seekingfire.com>
List: netbsd-users
Date: 11/29/2004 11:36:11

On Mon, Nov 29, 2004 at 11:45:05AM -0500, Louis Guillaume wrote:
> Here is the situation, folks...
> 
>  |MIT|   |  Heimdal  |
>  |KDC|   |File-server|

That's a similar situation to what I have as well.

> ... The File-server is a NetBSD box running netatalk.
> 
> If I create the service principal for the File-Server on the MIT KDC, 
> how do I extract the keytab file onto the Heimdal box?
> 
> From what I understand, the two kadmin programs are incompatible.

Yup.

> Are the keytabs compatible between MIT and Heimdal?

Yup.

> Can I just extract the key from the MIT box and "cat keytab 
> >>/etc/krb5.keytab" ?

Extract the principals to a temporary keytab on the KDC (ext -k
/etc/krb5.keytab.someotherhostname.tmp host/someotherhostname@REALM, or
the equivalent). scp the keytab to "someotherhostname" (the file server)
and rename it to /etc/krb5.keytab. Be careful not to clobber
/etc/krb5.keytab on the KDC ;-)

-T


-- 
"Laughter is the sound that knowledge makes when it's born."
    -- David Weinberger, _The Hyperlinked Organization_