[30968] in Kerberos
Linux Daemons and Kerberos Tickets
daemon@ATHENA.MIT.EDU (neelsmail@rediffmail.com)
Tue Apr 7 17:58:29 2009
From: neelsmail@rediffmail.com
Date: Tue, 7 Apr 2009 06:10:12 -0700 (PDT)
Message-ID: <e787829d-f367-49b9-a9ec-4513dfa6cd20@v23g2000pro.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I wanted to know whether there are any recommendations regarding
following scenario:
- In order to Linux daemons to be running in kerberos/Active Directory
users' context, a (krbtgt) ticket is needed and is fetched by kinit.
- But this ticket is usually valid for some time depending on user
configuration and it needs to be renewed.
Is there a recommended way of renewing/getting new ticket for the
user?
One of the ways suggested to me was run kinit externally as cronjob
for every user you want every n hours. But that seems dangerous to me.
Putting kinit call to .bashrc sounds good to me but that will fetch
ticket only for default duration. Is there a better way? Or how do
admins do it usually?
Thanks in advance,
-Neel.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
