Thanks Pat - I just did this and it did work. I also discovered that in qshell you can manually delete principals from the keytab file

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Patrick Botz
Sent: Tuesday, March 11, 2008 1:36 PM
To: Midrange Systems Technical Discussion
Subject: Re: Kerberos keytab file?

It is perfectly safe to delete this file and let the wizard create it again.
The wizard creates it based on information you provide plus some hostname
resolution stuff it does on both the client PC where the wizard is running
and on i5/OS. If you rerun the wizard without deleting this file, a whole
new file is created (or is supposed to be created) -- i.e. you shouldn't
have to delete it.

But, I believe your confusion comes from the fact that when a single service
principal name (SPN) is added to the keytab file, THREE entries show up.
Kerberos does this so that it can support dynamically different encryption
and hashing strengths/algorithms/schemes. The GUI interfaces understand this
and let you deal with one entry rather then 3 individual entries. The
"keytab" commands are in the public domain and they show you the individual
entries for each principal.

Hope this helps/is understandable.


On Mon, Mar 10, 2008 at 8:58 AM, Mike Cunningham <mcunning@xxxxxxx> wrote:

/QIBM/UserData/OS400/NetworkAuthentication/keytab/krb5.keytab

Where does the above file come from? When I do a strqsh and then ask for
a keytab list I get a list of Principal's with some names that should not be
there. I have gone through the reconfigure of Network Authentication Service
under Security in Navigator and the principal name I want to get rid of is
not shown but after completing the wizard and looking at the resulting
krb5.keytab file it still has the extra names in the file. Under Manage
keytab and then the Details button is also does not show the extra names.
Would it be safe to delete the keytab file and let the wizard recreate it?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




--
Patrick Botz
VP, Security Consulting
Group8 Security, Inc.
pat.botz@xxxxxxxxxxxxxxxxxx
pcbotz@xxxxxxxxx
Office 507 285 9048
Cell 507 250 5644
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].