Update pages/merlin7/02-How-To-Use-Merlin/kerberos.md
All checks were successful
Build and Deploy Documentation / build-and-deploy (push) Successful in 7s
All checks were successful
Build and Deploy Documentation / build-and-deploy (push) Successful in 7s
This commit is contained in:
@ -73,25 +73,19 @@ other users.
|
||||
|
||||
For generating a **keytab**, one has to:
|
||||
|
||||
1. Load a newer Kerberos ( `krb5/1.20` or higher) from Pmodules:
|
||||
|
||||
```bash
|
||||
module load krb5/1.20
|
||||
```
|
||||
|
||||
2. Create a private directory for storing the Kerberos **keytab** file
|
||||
1. Create a private directory for storing the Kerberos **keytab** file
|
||||
|
||||
```bash
|
||||
mkdir -p ~/.k5
|
||||
```
|
||||
|
||||
3. Run the `ktutil` utility which comes with the loaded `krb5` Pmodule:
|
||||
2. Run the `ktutil` utility:
|
||||
|
||||
```bash
|
||||
ktutil
|
||||
```
|
||||
|
||||
4. In the `ktutil` console, one has to generate a **keytab** file as follows:
|
||||
3. In the `ktutil` console, one has to generate a **keytab** file as follows:
|
||||
|
||||
```bash
|
||||
# Replace $USER by your username
|
||||
@ -100,12 +94,33 @@ For generating a **keytab**, one has to:
|
||||
exit
|
||||
```
|
||||
|
||||
Notice that you will need to add your password once. This step is required for generating the **keytab** file.
|
||||
Please note:
|
||||
* That you will need to add your password once. This step is required for generating the **keytab** file.
|
||||
* `ktutil`does **not** report an error if you enter a wrong password! You can test with the `kinit` command documented below. If `kinit` fails with an error message like "pre-authentication failed", this is usually due to a wrong password/key in the keytab file. In this case **you have to remove the keytab file** and re-run the `ktutil` command. See "Updating the keytab file" in the section below.
|
||||
|
||||
5. Once back to the main shell, one has to ensure that the file contains the proper permissions:
|
||||
### Updating an existing keytab file
|
||||
|
||||
After a password change you have to update your **keytab**:
|
||||
|
||||
1. Remove the old **keytab** file
|
||||
|
||||
```bash
|
||||
chmod 0600 ~/.k5/krb5.keytab
|
||||
rm -f ~/.k5/krb5.keytab
|
||||
```
|
||||
|
||||
2. Run the `ktutil` utility:
|
||||
|
||||
```bash
|
||||
ktutil
|
||||
```
|
||||
|
||||
3. In the `ktutil` console, one has to generate a **keytab** file as follows:
|
||||
|
||||
```bash
|
||||
# Replace $USER by your username
|
||||
add_entry -password -k 0 -f -p $USER
|
||||
wkt /data/user/$USER/.k5/krb5.keytab
|
||||
exit
|
||||
```
|
||||
|
||||
### Obtaining tickets by using keytab files
|
||||
|
||||
Reference in New Issue
Block a user