[30977] in Kerberos
Re: Linux Daemons and Kerberos Tickets
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Wed Apr 8 11:47:59 2009
From: "Richard E. Silverman" <res@qoxp.net>
Date: Wed, 08 Apr 2009 02:04:06 -0400
Message-ID: <m2k55v7kbt.fsf@darwin.oankali.net>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "NS" == neelsmail <neelsmail@rediffmail.com> writes:
NS> Hi, I wanted to know whether there are any recommendations
NS> regarding following scenario:
NS> - In order to Linux daemons to be running in kerberos/Active
NS> Directory users' context, a (krbtgt) ticket is needed and is
NS> fetched by kinit. - But this ticket is usually valid for some
NS> time depending on user configuration and it needs to be renewed.
NS> Is there a recommended way of renewing/getting new ticket for the
NS> user?
Yes. The user reauthenticates with his or her password, typically once a day.
NS> One of the ways suggested to me was run kinit externally as
NS> cronjob for every user you want every n hours. But that seems
NS> dangerous to me.
NS> Putting kinit call to .bashrc sounds good to me but that will
NS> fetch ticket only for default duration. Is there a better way? Or
NS> how do admins do it usually?
NS> Thanks in advance, -Neel.
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
