Kerberos Windows Client sign

Fredrik Tolf fredrik at
Thu Sep 9 20:20:09 EDT 2004

On Thu, 2004-09-09 at 17:24 +0000, Luis Daniel Lucio Quiroz wrote:
> Helo All,
> I was wondering if there is away to make kerberos auth automatic.  The fact is 
> that I working on making a NT4 (samba) like domain work most closely like a 
> 2k-alike domain (I'm interesting on Kerberos and single-singon feature).  On 
> PDC all services are already kerberized, using pam or native support.
> When a client sign on I can catch its password, so I would know if there is a 
> way to use kinit command with out prompint,
> I have tried:   echo passwor | kinit user         and        
> kinit user < pass.txt

If it is passwordless autologin that you seek, you might might want to
create an extra principal such as user/autologin instead. Then, extract
that principal into a keytab on the computer in question:
kadmin -q "ktadd -k /path/to/the/users/keytab user/autologin"

Then, to initialize the ccache, run kinit like this:
kinit -k -t /path/to/the/users/keytab user/autologin

That way, you won't have to save the user's password in plaintext.

Admittedly, this is how it would be done on Linux/UNIX with the MIT
implementation. I have no idea if KFW works the same...

Fredrik Tolf

More information about the Kerberos mailing list