Kerberos Windows Client sign
Fredrik Tolf
fredrik at dolda2000.com
Thu Sep 9 20:20:09 EDT 2004
On Thu, 2004-09-09 at 17:24 +0000, Luis Daniel Lucio Quiroz wrote:
> Helo All,
>
> I was wondering if there is away to make kerberos auth automatic. The fact is
> that I working on making a NT4 (samba) like domain work most closely like a
> 2k-alike domain (I'm interesting on Kerberos and single-singon feature). On
> PDC all services are already kerberized, using pam or native support.
>
> When a client sign on I can catch its password, so I would know if there is a
> way to use kinit command with out prompint,
>
> I have tried: echo passwor | kinit user and
> kinit user < pass.txt
If it is passwordless autologin that you seek, you might might want to
create an extra principal such as user/autologin instead. Then, extract
that principal into a keytab on the computer in question:
kadmin -q "ktadd -k /path/to/the/users/keytab user/autologin"
Then, to initialize the ccache, run kinit like this:
kinit -k -t /path/to/the/users/keytab user/autologin
That way, you won't have to save the user's password in plaintext.
Admittedly, this is how it would be done on Linux/UNIX with the MIT
implementation. I have no idea if KFW works the same...
Fredrik Tolf
More information about the Kerberos
mailing list