Log into the client workstation. Become root. Use your own Kerberos user name in place of USERNAME. Use the actual host name in place of xyz.arl.army.mil.
Run:
    kadmin -p USERNAME/admin
    addprinc -randkey host/xyz.arl.army.mil
    addprinc -randkey sss/xyz.arl.army.mil
    addprinc -randkey ftp/xyz.arl.army.mil
    modprinc -kvno 0 sss/xyz.arl.army.mil
    ktadd -k /etc/v5srvtab host/xyz.arl.army.mil sss/xyz.arl.army.mil ftp/xyz.arl.army.mil
    q
    chmod 400 /etc/v5srvtab

With prompts included, this will look like:

    # kadmin -p USERNAME/admin
    Enter password:
    kadmin: addprinc -randkey host/xyz.arl.army.mil
    kadmin: addprinc -randkey sss/xyz.arl.army.mil
    kadmin: addprinc -randkey ftp/xyz.arl.army.mil
    kadmin: modprinc -kvno 0 sss/xyz.arl.army.mil
    Principal "sss/xyz.arl.army.mil@ARL.MIL" modified.
    kadmin: ktadd -k /etc/v5srvtab host/xyz.arl.army.mil sss/xyz.arl.army.mil ftp/xyz.arl.army.mil
    Entry for principal host/xyz.arl.army.mil with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/tmp/v5srvtab.
    Entry for principal sss/xyz.arl.army.mil with kvno 1, encryption type DES-CBC-CRC added to keytab WRFILE:/tmp/v5srvtab.
    Entry for principal ftp/xyz.arl.army.mil with kvno 4, encryption type DES-CBC-CRC added to keytab WRFILE:/tmp/v5srvtab.
    kadmin: q
    # chmod 400 /etc/v5srvtab

Replace "USERNAME" with your username, and "xyz.arl.army.mil" with the client's full hostname. Be certain to enter your kadmin password, not your regular Kerberos password.
If you get a 'Key table entry not found' error when using SecurID to log into a host, remove the v5srvtab file on the host and recreate it by running just:
    kadmin: modprinc -kvno 0 sss/xyz.arl.army.mil
    kadmin: ktadd -k /etc/v5srvtab host/xyz.arl.army.mil sss/xyz.arl.army.mil ftp/xyz.arl.army.mil
    kadmin: q
    # chmod 400 /etc/v5srvtab
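To confirm that the keytab produced by either procedure above holds all three entries and has mode 400, a check such as the following can be run as root on the client. It is an added example, not part of the original instructions; the function names are hypothetical and it assumes the MIT Kerberos "klist -k" output layout (a KVNO followed by the principal on each entry line).

```shell
#!/bin/sh
# Added example: check a keytab built by the procedure above.
# Assumption: "klist -k" prints one "KVNO principal@REALM" line per entry.

KEYTAB=${KEYTAB:-/etc/v5srvtab}

# missing_principals HOST: reads "klist -k" output on stdin and prints each of
# host/, sss/, ftp/ for HOST that has no entry. Prints nothing if all exist.
missing_principals() {
    awk -v host="$1" '
        # Entry lines look like: "   3 host/xyz.arl.army.mil@ARL.MIL"
        $1 ~ /^[0-9]+$/ && NF >= 2 { p = $2; sub(/@.*/, "", p); seen[p] = 1 }
        END {
            n = split("host sss ftp", svc, " ")
            for (i = 1; i <= n; i++)
                if (!((svc[i] "/" host) in seen)) print svc[i] "/" host
        }'
}

# keytab_mode FILE: prints the octal permission bits (GNU stat, then BSD stat).
keytab_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_keytab HOST: returns 0 only if the mode is 400 and all entries exist.
check_keytab() {
    rc=0
    mode=$(keytab_mode "$KEYTAB") || return 2
    [ "$mode" = "400" ] || { echo "$KEYTAB: mode $mode, expected 400" >&2; rc=1; }
    missing=$(klist -k "$KEYTAB" | missing_principals "$1")
    [ -z "$missing" ] || { echo "missing entries: $missing" >&2; rc=1; }
    return $rc
}

# Constructed sample of "klist -k" output with the ftp entry deliberately absent.
SAMPLE_KLIST='Keytab name: FILE:/etc/v5srvtab
KVNO Principal
---- ----------------------------------------
   3 host/xyz.arl.army.mil@ARL.MIL
   1 sss/xyz.arl.army.mil@ARL.MIL'

# Usage on a client, as root: check_keytab xyz.arl.army.mil
```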
Current as of 1-March-1998. See Mike Busse for details.