Openfire ipa

From Asenjo
Revision as of 18:42, 15 June 2012 by Natxo (Talk | contribs) (Created page with "According to [http://community.igniterealtime.org/docs/DOC-1060#Create%20a%20Service%20Principal%20and%20Keytab%20for%20Openfire the openfire SSO guide], we need to get a keyt...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

According to the openfire SSO guide, we need to get a keytab with an encryption type of des3-hmac-sha1. Unfortunately, the example they use appears to use another encryption type, so that confused me a bit. Thanks to rcrit (Rob Crittenden?) on the freeipa room on irc.freenode.net, I got the right incantation for ipa-getkeytab: 

ipa-getkeytab -s kdc.ipa.asenjo.nx -p xmpp/ipaclient01.ipa.asenjo.nx -k openfire.keytab -e des3-hmac-sha1

Here we dump the keytab for xmpp/ipaclient01.ipa.asenjo.nx to the file openfire.keytab with the right encryption. 

[admin@ipaclient01 ~]$ klist -k -t openfire.keytab
Keytab name: WRFILE:openfire.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 06/15/12 18:29:53 xmpp/ipaclient01.ipa.asenjo.nx@IPA.ASENJO.NX
Retrieved from "https://asenjo.nl/wiki/index.php?title=Openfire_ipa&oldid=89"