Ticket History #2611: automatically getting initial tickets using keytab

RT for krbdev.mit.edu

History Show all quoted text — Show full headers

# Wed Jun 23 15:17:54 2004 raeburn (Ken Raeburn) - Ticket created

To:	krb5-bugs@mit.edu
From:	Ken Raeburn <raeburn@mit.edu>
Date:	Wed, 23 Jun 2004 15:17:32 -0400
Subject:	automatically getting initial tickets using keytab

Download (untitled) / with headers
text/plain 503B

We've got the ability to automatically prompt for a password when
tickets have expired on Mac OS X, and the Windows code is doing some
magic dealing with refreshing tickets too.

It would be handy to have a way to say, here's my keytab file, go get
new tickets any time they're needed. Then a long- or
frequently-running service or batch job or whatever with a keytab
doesn't have to explicitly re-run kinit every N hours.

Means of specifying this behavior TBD...

(Suggested at cartel meeting.)

Ken

# Wed Jun 23 16:03:42 2004 Russ Allbery <rra@stanford.edu> - Comments added

To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2611] automatically getting initial tickets using keytab
From:	Russ Allbery <rra@stanford.edu>
Date:	Wed, 23 Jun 2004 13:03:33 -0700
RT-Send-Cc:

Download (untitled) / with headers
text/plain 493B

Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> It would be handy to have a way to say, here's my keytab file, go get
> new tickets any time they're needed. Then a long- or frequently-running
> service or batch job or whatever with a keytab doesn't have to
> explicitly re-run kinit every N hours.

<http://www.eyrie.org/~eagle/software/kstart/> does this for Unix; we've
been using it for many years.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>