[Freeipa-users] Problem: How to download the keytab from IPA without resetting/regenerating a new one??
Stephen Gallagher
sgallagh at redhat.com
Fri Apr 27 20:25:59 UTC 2012
On Thu, 2012-04-26 at 19:58 -0700, David Copperfield wrote:
> Hi,
>
>
> Just have a silly case where I've to download the existing version
> keytab for a service principal. It is download only -- not recreate a
> new version and download the new version which ipa-getkeytab does. --
> ipa-getkeytab command name seems a little bit misleading because it
> does both 'set' and 'get' operations.
Well, this is actually intentional. I'm curious what your reasoning is
for wanting to access the original key. There really isn't any downside
to just pulling a brand-new one for a host, and the upside is that you
just rolled your keys, so if they happened to be compromised, you're
safe now.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120427/6bb398e0/attachment.sig>
More information about the Freeipa-users
mailing list